CVE-2010-3652
Description
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 has an unspecified memory corruption vulnerability allowing arbitrary code execution or denial of service.
Vulnerability
An unspecified memory corruption vulnerability exists in Adobe Flash Player versions before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and before 10.1.95.1 on Android. The flaw is triggered by unknown vectors and is distinct from a group of similar issues (CVE-2010-3640–CVE-2010-3650) [2][3][4].
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a specially crafted Flash (SWF) file, typically delivered via a web browser, email attachment, or an embedded object on a malicious website. No authentication is required, and the attack can be launched remotely over a network [1][2].
Impact
Successful exploitation could lead to arbitrary code execution in the context of the user running the Flash Player, or cause a denial of service (memory corruption) that crashes the application or the entire browser [1][2][3][4]. The attacker could potentially gain full control of the affected system.
Mitigation
Adobe addressed this vulnerability in Flash Player version 9.0.289.0 (for the 9.x branch) and 10.1.102.64 (for the 10.x branch) on desktop platforms, and version 10.1.95.1 on Android. Users and administrators should upgrade to these patched releases immediately, as no workarounds are available [2][3][4].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <=9.0.289.0 / 10.x <10.1.102.64 / Android 10.1.95.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
21- www.adobe.com/support/security/bulletins/apsb10-26.htmlnvdPatchVendor Advisory
- lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.htmlnvdThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- secunia.com/advisories/42183nvdThird Party Advisory
- secunia.com/advisories/42926nvdThird Party Advisory
- secunia.com/advisories/43026nvdThird Party Advisory
- security.gentoo.org/glsa/glsa-201101-09.xmlnvdThird Party Advisory
- support.apple.com/kb/HT4435nvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0829.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0834.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0867.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/44687nvdThird Party AdvisoryVDB Entry
- www.vupen.com/english/advisories/2010/2903nvdThird Party Advisory
- www.vupen.com/english/advisories/2010/2906nvdThird Party Advisory
- www.vupen.com/english/advisories/2010/2918nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0173nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0192nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11965nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15284nvdThird Party Advisory
- blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1nvdBroken Link
News mentions
0No linked articles in our index yet.