Clickjacking Vulnerability in Adobe Flash Player and AIR
CVE-2010-2215

Currently unrated

Key Information:

Vendor: Adobe
Status: Flash Player; Adobe Air; Flash Player For Linux
Vendor: CVE Published:; 11 August 2010

What is CVE-2010-2215?

This vulnerability in Adobe Flash Player and Adobe AIR allows attackers to manipulate user interactions through a clickjacking technique. By tricking users into selecting a link or completing a dialog, attackers can gain unauthorized access or execute unintended actions on behalf of the user. This issue affects versions of Adobe Flash Player released prior to 9.0.280 and 10.x before 10.1.82.76, as well as Adobe AIR versions preceding 2.0.3. Proper awareness and security measures are essential to mitigate risks associated with this vulnerability.

References

http://www.vupen.com/english/advisories/2011/0192

vdb-entryx_refsource_VUPEN

http://support.apple.com/kb/HT4435

x_refsource_CONFIRM

http://marc.info/?l=bugtraq&m=128767780602751&w=2

vendor-advisoryx_refsource_HP

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 11, 2010
Vulnerability Reserved
Jun 8, 2010