CVE Reference: CVE-2010-3976

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2010-3976

Description:
Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player.

CVE Status:
Candidate

References:

SUSE
  http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html

SAID
  Secunia Advisory: SA43026

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6926

MISC
  http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt
  http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29

HP
  http://marc.info/?l=bugtraq&m=130331642631603&w=2

GENTOO
  http://security.gentoo.org/glsa/glsa-201101-09.xml

CONFIRM
  http://www.adobe.com/support/security/bulletins/apsb10-26.html
  http://support.apple.com/kb/HT4435

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/514653/100/0/threaded
  http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html

BID
  44671

APPLE
  http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html


Return to the previous page.