Unrated severity · NVD Advisory · Published Feb 15, 2010 · Updated Apr 29, 2026

CVE-2010-0186

Description

Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player, AIR, and Reader/Acrobat releases before the fixed versions allow cross-domain requests via crafted SWF content, bypassing sandbox restrictions.

Vulnerability

CVE-2010-0186 is a cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1. The bug allows attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors. The affected code paths are reachable when a victim loads a web page containing specially crafted SWF content [3].

Exploitation

An attacker needs to host a malicious SWF file on a website and trick a victim into visiting that page (e.g., via social engineering or embedding the SWF in a trusted site). No special network position or authentication is required beyond the ability to serve web content. The attacker exploits the cross-domain flaw to perform requests to other domains from the victim's browser, bypassing same-origin policy restrictions [3].

Impact

Successful exploitation allows the attacker to make unauthorized cross-domain requests, potentially leading to the disclosure of sensitive data from the victim's session or other origins. This bypasses the security sandbox that normally prevents such requests. The impact is information disclosure; no direct code execution is reported [3].

Mitigation

Adobe released fixed versions: Flash Player 10.0.45.2, AIR 1.5.3.9130, and Reader/Acrobat 8.2.1 and 9.3.1 in February 2010. Users should upgrade to these versions or later. Red Hat provided updated packages for RHEL 5 via RHSA-2010:0102 [3]. No workarounds are documented, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

84
  • Adobe Inc./Acrobat (16 versions)
    cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* (+ 15 more)
    • cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* (range: <=9.3)
    • cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* (+ 14 more)
    • cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* (range: <=9.3)
    • cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*
  • Adobe Inc./Air (6 versions)
    cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:* (+ 5 more)
    • cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:* (range: <=1.5.3.9120)
    • cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (+ 46 more)
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (range: <=10.0.42.34)
    • cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

References

21
