CVE-2010-3647
Description
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on multiple platforms and 10.1.95.1 on Android contains an unspecified memory corruption vulnerability that can lead to arbitrary code execution or denial of service.
Vulnerability
Unspecified vulnerability in Adobe Flash Player before version 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android allows attackers to cause memory corruption via unknown vectors [1]. This vulnerability is distinct from several other Flash Player CVEs [1].
Exploitation
The exploitation requires the attacker to deliver a crafted Flash file (e.g., via a web page or other means) that triggers unspecified memory corruption. No authentication or specific user interaction beyond opening the file is necessary.
Impact
Successful exploitation can lead to arbitrary code execution or denial of service, potentially allowing the attacker to take control of the affected system or crash the Flash Player process.
Mitigation
Adobe released Flash Player 9.0.289.0, 10.1.102.64, and 10.1.95.1 (Android) to address this vulnerability. Red Hat also issued updated packages via RHSA-2010-0834, RHSA-2010-0829, and RHSA-2010-0867 [2][3][4]. Users should upgrade to these versions immediately.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: before 9.0.289.0, before 10.1.102.64
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
21- www.adobe.com/support/security/bulletins/apsb10-26.htmlnvdPatchVendor Advisory
- lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.htmlnvdThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- secunia.com/advisories/42183nvdThird Party Advisory
- secunia.com/advisories/42926nvdThird Party Advisory
- secunia.com/advisories/43026nvdThird Party Advisory
- security.gentoo.org/glsa/glsa-201101-09.xmlnvdThird Party Advisory
- support.apple.com/kb/HT4435nvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0829.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0834.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0867.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/44683nvdThird Party AdvisoryVDB Entry
- www.vupen.com/english/advisories/2010/2903nvdThird Party Advisory
- www.vupen.com/english/advisories/2010/2906nvdThird Party Advisory
- www.vupen.com/english/advisories/2010/2918nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0173nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0192nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12095nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16160nvdThird Party Advisory
- blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1nvdBroken Link
News mentions
0No linked articles in our index yet.