Summary
This host is installed with Adobe Flash Player and is prone to untrusted search path vulnerability.
Impact
Successful exploitation will allow attackers to trigger user to save a malicious dll file in users Desktop.
Impact Level: Application/System.
Solution
Upgrade to Adobe Flash Player version 10.1.102.64 or later.
For updates refer to http://www.adobe.com/support/flashplayer/downloads.html
Insight
The application passes an insufficiently qualified path in loading its external libraries 'dwmapi.dll'.
Affected
Adobe Flash Player version 10.1.0 through 10.1.82.76
References
Severity
Classification
-
CVE CVE-2010-3976 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Sandbox Bypass Vulnerability - Aug14 (Windows)
- Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X
- Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)