Published: 2010/11/09  Last Updated: 2010/11/09

Flash Player access restriction bypass vulnerability


Flash Player contains an access restriction bypass vulnerability.

Products Affected

  • Adobe Flash Player and earlier for Windows, Macintosh, Linux, and Solaris
  • Adobe Flash Player for Android


When Flash content accesses a website other than the one hosting it, the referenced site must allow that access in its cross-domain policy file.

Flash Player contains a vulnerability where access restrictions set by the cross-domain policy file may be bypassed.
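The policy check described above, as it is meant to work when it is not bypassed, in an added Python example that is not part of the advisory. The host names and the sample policy are constructed, and treating a `*.` prefix as covering subdomains only is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy, as a site might serve at /crossdomain.xml.
SAMPLE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="www.example.com"/>
  <allow-access-from domain="*.partner.example" secure="false"/>
</cross-domain-policy>"""


def domain_matches(pattern, host):
    """Return True if a policy `domain` value covers the requesting host."""
    pattern, host = pattern.strip().lower(), host.strip().lower()
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        suffix = pattern[1:]  # e.g. ".partner.example"
        # Assumption: the wildcard covers subdomains only, not the bare domain.
        return host.endswith(suffix) and host != suffix
    return pattern == host


def allow_entries(policy_xml):
    """Parse the policy and return its <allow-access-from> elements."""
    root = ET.fromstring(policy_xml)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy file")
    return root.findall("allow-access-from")


def is_allowed(policy_xml, requesting_host):
    """Decide whether content hosted on requesting_host may read this site."""
    return any(domain_matches(e.get("domain", ""), requesting_host)
               for e in allow_entries(policy_xml))


def audit(policy_xml):
    """List entries that widen access more than a site owner usually intends."""
    findings = []
    for e in allow_entries(policy_xml):
        domain = e.get("domain", "")
        if domain.strip() == "*":
            findings.append("any domain may read this site's data")
        if e.get("secure", "true").lower() == "false":
            findings.append(f"{domain}: non-HTTPS content may read HTTPS data")
    return findings
```

Because the vulnerability bypasses this check inside the player, a strict policy file does not replace updating Flash Player.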


Cross-domain policy restrictions can be bypassed by using a specially crafted web page. This could result in unauthorized access to website data.


Update the Software
Update to the latest version according to the information provided by the developer.


JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2010.11.09

| Measures | Conditions | Severity |
|---|---|---|
| Access Required | can be attacked over the Internet using packets | High |
| Authentication | anonymous or no authentication (IP addresses do not count) | High |
| User Interaction Required | the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file | Mid |
| Exploit Complexity | some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls) | Mid-High |



Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
CVE: CVE-2010-3636
JVN iPedia: JVNDB-2010-000054