CVE-2010-3645
Description
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, Solaris, and Android contain an unspecified memory corruption vulnerability that allows arbitrary code execution or denial of service.
Vulnerability
An unspecified memory corruption vulnerability exists in Adobe Flash Player versions prior to 9.0.289.0 (9.x branch) and prior to 10.1.102.64 (10.x branch) on Windows, Mac OS X, Linux, and Solaris, and also prior to 10.1.95.1 on Android [1]. The vulnerability is triggered via unknown vectors, making it distinct from several other Flash Player CVEs disclosed at the same time [2].
Exploitation
An attacker can exploit this vulnerability remotely by enticing a user to open a specially crafted Flash file (e.g., via a web page or email attachment) [2]. No authentication is required, and successful exploitation relies on user interaction to load the malicious content in a browser or application that uses the vulnerable Flash Player version.
Impact
Successful exploitation allows an attacker to execute arbitrary code on the affected system with the privileges of the user running Flash Player, or to cause a denial of service (memory corruption) [2]. This can lead to full compromise of the affected machine, including data theft, malware installation, or system crash.
Mitigation
Adobe released the fixed versions: Flash Player 9.0.289.0, 10.1.102.64, and 10.1.95.1 for Android, as part of their regular update cycle. These updates were included in Red Hat Enterprise Linux advisories RHSA-2010:0829, RHSA-2010:0834, and RHSA-2010:0867 in November 2010 [2][3][4]. Users should immediately update to the patched version. No workarounds are documented; applying the update is the only mitigation.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
21- www.adobe.com/support/security/bulletins/apsb10-26.htmlnvdPatchVendor Advisory
- lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.htmlnvdThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- secunia.com/advisories/42183nvdThird Party Advisory
- secunia.com/advisories/42926nvdThird Party Advisory
- secunia.com/advisories/43026nvdThird Party Advisory
- security.gentoo.org/glsa/glsa-201101-09.xmlnvdThird Party Advisory
- support.apple.com/kb/HT4435nvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0829.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0834.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0867.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/44681nvdThird Party AdvisoryVDB Entry
- www.vupen.com/english/advisories/2010/2903nvdThird Party Advisory
- www.vupen.com/english/advisories/2010/2906nvdThird Party Advisory
- www.vupen.com/english/advisories/2010/2918nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0173nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0192nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11905nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15961nvdThird Party Advisory
- blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1nvdBroken Link
News mentions
0No linked articles in our index yet.