CVE-2010-3639

Adobe Flash Player < 9.0.289.0 - Denial of Service or Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3639. PoCs published by Matthew Bergin.

AI-analyzed exploit summary: The writeup describes an integer overflow vulnerability in Adobe Flash (CVE-2010-3639) affecting specific versions, where a malformed ActionIf ActionScript statement with a BranchOffset of -305 or smaller triggers an access violation, potentially leading to memory disclosure or DoS. The vulnerability is confirmed in Flash10e.ocx and Flash10c.ocx under specific conditions.

Description

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.

Exploits (1)

exploitdb · WRITEUP · VERIFIED
by Matthew Bergin · text · dos · windows
https://www.exploit-db.com/exploits/15426

Classification: Writeup 90%
Attack Type: DoS | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Adobe Flash Player (Flash10e.ocx v10.0.45.2, Flash10c.ocx v10.0.32.18 r32)
No auth needed
Prerequisites: Victim must load a maliciously crafted SWF file · Specific versions of Flash Player must be in use
devstral-2 · analyzed Feb 16, 2026

References (21)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0192
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42183
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT4435
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43026
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201101-09.xml
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2918
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44692
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0834.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42926
Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=130331642631603&w=2
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2903
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0173
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb10-26.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2906
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0867.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0829.html

Scores

EPSS 0.2160
EPSS Percentile 97.3%

Details

Status published
Products (1)
adobe/flash_player 9.0 - 9.0.289.0
Published Nov 07, 2010
Tracked Since Feb 18, 2026