CVE-2010-3637
Description
An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unspecified ActiveX control in Adobe Flash Player on Windows allows remote code execution or denial of service via a crafted FLV video file.
Vulnerability
An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows contains a memory corruption vulnerability. The issue is triggered when the player processes a specially crafted FLV video file. This affects the Flash Player plugin on Windows systems [1].
Exploitation
An attacker can exploit this vulnerability remotely by hosting a crafted FLV video file and convincing a user to view it, typically through a web browser. No authentication or additional privileges are required. The attack involves delivering the malicious FLV file to the vulnerable ActiveX control, which then mishandles the data, leading to memory corruption [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code on the target system with the privileges of the user running Flash Player, or cause a denial of service (DoS) by crashing the application. This could lead to full compromise of the affected Windows machine [1].
Mitigation
Adobe addressed this vulnerability in Flash Player versions 9.0.289.0 and 10.1.102.64. Users should update to these or later versions. No workarounds are mentioned in the available references [1]. This CVE is not listed in the CISA Known Exploited Vulnerabilities catalog (as of the knowledge cut-off).
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: < 10.1.102.64 on Windows (10.x) and < 9.0.289.0 (9.x)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- www.adobe.com/support/security/bulletins/apsb10-26.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.htmlnvdThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- secunia.com/advisories/42926nvdThird Party Advisory
- www.securityfocus.com/archive/1/514652/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/44690nvdThird Party AdvisoryVDB Entry
- www.vupen.com/english/advisories/2010/2903nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0173nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12259nvdThird Party Advisory
- blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1nvdBroken Link
News mentions
0No linked articles in our index yet.