Sun Solaris

ソフト名：Sun Solaris 10
回避策：あり
脆弱性：セキュリティ制限の回避, 機密情報の奪取, 不正アクセス, 特定されていないエラー, リモートコード実行, インプット承認エラー, メモリ破壊エラー, 不正ライブラリのロード
ソース：http://www.oracle.com/us/products/servers-storage/solaris/index.html
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1
http://secunia.com/advisories/41917/
http://secunia.com/advisories/42926/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
CVE：CVE-2010-3636, CVE-2010-3637, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654
危険性：High Risk

Adobe Flash Player

ソフト名：Adobe Flash Player 10.1.85.3/10.1.95.1 Andriod
回避策：APSB10-26にて対応
脆弱性：セキュリティ制限の回避, リモートコード実行, 特定されていない脆弱性, 整数オーバーフロー, メモリ破壊エラー, 不正アクセス, 機密情報の奪取
ソース：http://www.adobe.com/support/security/bulletins/apsb10-26.html
http://www.exploit-db.com/exploits/15426/
http://www.securityfocus.com/bid/44669
http://www.securityfocus.com/bid/44675
http://www.securityfocus.com/bid/44677
http://www.securityfocus.com/bid/44678
http://www.securityfocus.com/bid/44679
http://www.securityfocus.com/bid/44680
http://www.securityfocus.com/bid/44681
http://www.securityfocus.com/bid/44682
http://www.securityfocus.com/bid/44683
http://www.securityfocus.com/bid/44684
http://www.securityfocus.com/bid/44685
http://www.securityfocus.com/bid/44686
http://www.securityfocus.com/bid/44687
http://www.securityfocus.com/bid/44690
http://www.securityfocus.com/bid/44691
http://www.securityfocus.com/bid/44692
http://www.securityfocus.com/bid/44693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
https://rhn.redhat.com/errata/RHSA-2010-0829.html
http://www.vupen.com/english/advisories/2010/2903
CVE：CVE-2010-3636, CVE-2010-3637, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652
危険性：High Risk

Apple Cups

ソフト名：Apple Cups 1.1～1.3.7
回避策：アップデートにて対応
脆弱性：リモートコード実行, メモリ破壊エラー, デーモンのクラッシュ
ソース：http://www.cups.org/
https://bugzilla.redhat.com/show_bug.cgi?id=624438
http://www.securityfocus.com/bid/44530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941
https://rhn.redhat.com/errata/RHSA-2010-0811.html
CVE：CVE-2010-2941
危険性：High Risk

Apple Mac OS X, Apple Mac OS X Server

ソフト名：Apple Mac OS X 10.5.8/10.6.4, Apple Mac OS X Server 10.5.8/10.6.4
回避策：Java for Mac OS X 10.6 Update 3 or Update 8にて対応
脆弱性：ローカルコマンド実行, コマンドインジェクションエラー, ローカルコード実行, メモリ破壊エラー
ソース：http://support.apple.com/kb/HT4417
http://support.apple.com/kb/HT4418
http://www.securityfocus.com/bid/44277
http://www.securityfocus.com/bid/44279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1827
http://securitytracker.com/alerts/2010/Oct/1024616.html
http://securitytracker.com/alerts/2010/Oct/1024617.html
CVE：CVE-2010-1826, CVE-2010-1827
危険性：High Risk

Microsoft Excel

ソフト名：Microsoft Excel 2002 SP3/2003 SP3/2007 SP2, Microsoft Office 2004/2008 Mac OS, Microsoft Excel Viewer SP2, Microsoft Office Compatibility Pack 2007 SP2, Microsoft Open XML File Format Converter Mac OS
回避策：MS10-080にて対応
脆弱性：整数オーバーフロー, リモートコード実行, メモリ破壊エラー
ソース：http://www.microsoft.com/technet/security/bulletin/ms10-080.mspx
http://www.securityfocus.com/bid/43643
http://www.securityfocus.com/bid/43644
http://www.securityfocus.com/bid/43646
http://www.securityfocus.com/bid/43647
http://www.securityfocus.com/bid/43649
http://www.securityfocus.com/bid/43650
http://www.securityfocus.com/bid/43651
http://www.securityfocus.com/bid/43652
http://www.securityfocus.com/bid/43653
http://www.securityfocus.com/bid/43654
http://www.securityfocus.com/bid/43655
http://www.securityfocus.com/bid/43656
http://www.securityfocus.com/bid/43657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3242
http://secunia.com/advisories/39303
http://www.vupen.com/english/advisories/2010/2627
CVE：CVE-2010-3230, CVE-2010-3231, CVE-2010-3232, CVE-2010-3233, CVE-2010-3234, CVE-2010-3235, CVE-2010-3236, CVE-2010-3237, CVE-2010-3238, CVE-2010-3239, CVE-2010-3240, CVE-2010-3241, CVE-2010-3242
危険性：High Risk

Microsoft Internet Explorer

ソフト名：Microsoft Internet Explorer 6～8
回避策：MS10-071, MS10-072にて対応
脆弱性：機密情報の奪取, リモートコード実行, メモリ破壊, メモリ破壊エラー, オートコンプリートデータの取り込み, XSS
ソース：http://www.microsoft.com/technet/security/bulletin/ms10-071.mspx
http://www.microsoft.com/technet/security/bulletin/ms10-072.mspx
http://www.securityfocus.com/bid/43695
http://www.securityfocus.com/bid/43696
http://www.securityfocus.com/bid/43703
http://www.securityfocus.com/bid/43704
http://www.securityfocus.com/bid/43705
http://www.securityfocus.com/bid/43706
http://www.securityfocus.com/bid/43707
http://www.securityfocus.com/bid/43709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3331
http://secunia.com/advisories/41746
http://www.vupen.com/english/advisories/2010/2618
http://www.vupen.com/english/advisories/2010/2619
CVE：CVE-2010-0808, CVE-2010-3243, CVE-2010-3325, CVE-2010-3326, CVE-2010-3327, CVE-2010-3328, CVE-2010-3329, CVE-2010-3330, CVE-2010-3331
危険性：High Risk

Adobe Acrobat, Adobe Reader

ソフト名：Adobe Acrobat 8.0～9.3.4（Standard/Professional）, Adobe Reader 8.0～9.3.4
回避策：APSB10-21にて対応
脆弱性：リモートコード実行, DoS攻撃, 権限の昇格, メモリ破壊エラー, アプリケーションのクラッシュ, コード実行
ソース：http://www.adobe.com/support/security/bulletins/apsb10-21.html
http://www.zerodayinitiative.com/advisories/ZDI-10-191/
http://www.zerodayinitiative.com/advisories/ZDI-10-192/
http://www.zerodayinitiative.com/advisories/ZDI-10-193/
http://www.exploit-db.com/exploits/15212/
http://www.securityfocus.com/bid/43722
http://www.securityfocus.com/bid/43723
http://www.securityfocus.com/bid/43724
http://www.securityfocus.com/bid/43725
http://www.securityfocus.com/bid/43726
http://www.securityfocus.com/bid/43727
http://www.securityfocus.com/bid/43729
http://www.securityfocus.com/bid/43730
http://www.securityfocus.com/bid/43731
http://www.securityfocus.com/bid/43732
http://www.securityfocus.com/bid/43733
http://www.securityfocus.com/bid/43734
http://www.securityfocus.com/bid/43735
http://www.securityfocus.com/bid/43736
http://www.securityfocus.com/bid/43737
http://www.securityfocus.com/bid/43738
http://www.securityfocus.com/bid/43739
http://www.securityfocus.com/bid/43740
http://www.securityfocus.com/bid/43741
http://www.securityfocus.com/bid/43744
http://www.securityfocus.com/bid/43746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3631
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3658
http://www.vupen.com/english/advisories/2010/2573
CVE：CVE-2010-2887, CVE-2010-2888, CVE-2010-2889, CVE-2010-2890, CVE-2010-3619, CVE-2010-3620, CVE-2010-3621, CVE-2010-3622, CVE-2010-3623, CVE-2010-3624, CVE-2010-3625, CVE-2010-3626, CVE-2010-3627, CVE-2010-3628, CVE-2010-3629, CVE-2010-3630, CVE-2010-3631, CVE-2010-3632, CVE-2010-3656, CVE-2010-3657, CVE-2010-3658
危険性：High Risk

Linux Kernel

ソフト名：Linux Kernel 2.6.0～2.6.35 rc5
回避策：linux-kernel Mailing List dated 2010-10-01 21:51:47にて対応
脆弱性：メモリ破壊エラー, DoS攻撃, カーネルパニック
ソース：http://marc.info/?l=linux-kernel&m=128596992418814&w=2
http://permalink.gmane.org/gmane.comp.security.oss.general/3610
http://www.securityfocus.com/bid/43701
http://securitytracker.com/alerts/2010/Oct/1024505.html
危険性：Low Risk

Microsoft Windows XP

ソフト名：Microsoft Windows XP SP2/SP3
回避策：未対応
脆弱性：DoS攻撃, メモリ破壊エラー, アプリケーションのクラッシュ, リモートコード実行
ソース：http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/mspaint_overview.mspx?mfr=true
http://www.exploit-db.com/exploits/15034/
http://www.securityfocus.com/bid/43322
危険性：Low Risk

Apple iPhone OS

ソフト名：Apple iPhone OS 2.0～4.0.1 iPodtouch
回避策：アップデートにて対応
脆弱性：リモートコード実行, バッファオーバーフロー, メモリ破壊エラー, セキュリティの強度不足, セキュリティ制限の回避, アプリケーションのクラッシュ
ソース：http://support.apple.com/kb/HT4334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1817
http://secunia.com/advisories/41328
http://www.vupen.com/english/advisories/2010/2335
CVE：CVE-2010-1781, CVE-2010-1809, CVE-2010-1810, CVE-2010-1811, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1817
危険性：High Risk

Open Source Project WebKit

ソフト名：Open Source Project WebKit
回避策：あり
脆弱性：メモリ破壊エラー, リモートコード実行, 解放後使用エラー, DoS攻撃
ソース：http://www.google.com/chrome/intl/ja/landing.html?hl=ja
https://bugzilla.redhat.com/show_bug.cgi?id=596498
https://bugzilla.redhat.com/show_bug.cgi?id=596500
http://qt.nokia.com/
http://webkit.org/projects/css/index.html
http://www.securityfocus.com/bid/41573
http://www.securityfocus.com/bid/41575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773
CVE：CVE-2010-1772, CVE-2010-1773
危険性：High Risk

Microsoft Internet Explorer

ソフト名：Microsoft Internet Explorer 6～8
回避策：MS10-053にて対応
脆弱性：機密情報の奪取, メモリ破壊エラー, リモートコード実行
ソース：http://www.microsoft.com/technet/security/bulletin/ms10-053.mspx
http://www.securityfocus.com/bid/42257
http://www.securityfocus.com/bid/42258
http://www.securityfocus.com/bid/42288
http://www.securityfocus.com/bid/42289
http://www.securityfocus.com/bid/42290
http://www.securityfocus.com/bid/42292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2560
http://secunia.com/advisories/40895
http://www.vupen.com/english/advisories/2010/2050
CVE：CVE-2010-1258, CVE-2010-2556, CVE-2010-2557, CVE-2010-2558, CVE-2010-2559, CVE-2010-2560
危険性：High Risk

Apple iPhone OS

ソフト名：Apple iPhone OS 4.0/4.1 iPodtouch
回避策：未対応
脆弱性：リモートコード実行, 権限の昇格, メモリ破壊エラー, アプリケーションのクラッシュ, 特定されていない脆弱性
ソース：http://www.apple.com/iphone/softwareupdate/
http://www.securityfocus.com/bid/42151
http://secunia.com/advisories/40807
http://www.vupen.com/english/advisories/2010/1992
危険性：High Risk

Apple Safari

ソフト名：Apple Safari 4.1/5.0
回避策：アップデートにて対応
脆弱性：XSS, リモートコード実行, メモリ破壊エラー, メモリアクセスエラー, 解放後使用エラー, バッファオーバーフロー, 認証資格情報の奪取, アプリケーションのクラッシュ
ソース：http://support.apple.com/kb/HT4276
http://www.securityfocus.com/bid/42034
http://www.securityfocus.com/bid/42035
http://www.securityfocus.com/bid/42036
http://www.securityfocus.com/bid/42037
http://www.securityfocus.com/bid/42038
http://www.securityfocus.com/bid/42039
http://www.securityfocus.com/bid/42041
http://www.securityfocus.com/bid/42042
http://www.securityfocus.com/bid/42043
http://www.securityfocus.com/bid/42044
http://www.securityfocus.com/bid/42045
http://www.securityfocus.com/bid/42046
http://www.securityfocus.com/bid/42048
http://www.securityfocus.com/bid/42049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
http://www.vupen.com/english/advisories/2010/1945
CVE：CVE-2010-1778, CVE-2010-1780, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792, CVE-2010-1793
危険性：High Risk