SuSE Update For Flash-player SUSE-SA:2010:034 Network Vulnerability

Impact

remote code execution

Solution

Please Install the Updated Packages.

Insight

Flash Player was updated to version 10.1.82.76 fixing several critical security issues: - CVE-2010-0209: CVSS v2 Base Score: 9.3: Code Injection (CWE-94) Details unknown. - CVE-2010-2188: CVSS v2 Base Score: 6.8: Buffer Errors (CWE-119) Allowed attackers to cause a memory corruption or possibly even execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments. - CVE-2010-2213: CVSS v2 Base Score: 9.3: Code Injection (CWE-94) Details unknown. - CVE-2010-2214: CVSS v2 Base Score: 9.3: Code Injection (CWE-94) Details unknown. - CVE2010-2215: CVSS v2 Base Score: 4.3: Other (CWE-Other) Allowed an attack related to so called &quot click-jacking&quot . - CVE-2010-2216: CVSS v2 Base Score: 9.3: Code Injection (CWE-94) Details unknown.

Affected

flash-player on openSUSE 11.1, openSUSE 11.2

References

http://www.novell.com/linux/security/advisories/2010_34_flash.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0209, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SuSE Update for flash-player SUSE-SA:2010:034

Take action and discover your vulnerabilities