ID CVE-2009-3797
Summary Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:adobe_air:-:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:adobe_air:-:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:adobe_air:1.0.8.4990:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:adobe_air:1.0.8.4990:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:adobe_air:1.0.4990:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:adobe_air:1.0.4990:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:adobe_air:1.1.0.5790:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:adobe_air:1.1.0.5790:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:adobe_air:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:adobe_air:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:adobe_air:1.5.0.7220:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:adobe_air:1.5.0.7220:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:adobe_air:1.5.1.8210:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:adobe_air:1.5.1.8210:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:adobe_air:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:adobe_air:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 19-09-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2013-02-04T04:00:14.486-05:00
    class vulnerability
    contributors
    name Shane Shaffer
    organization G2, Inc.
    definition_extensions
    • comment Adobe Flash Player is Installed
      oval oval:org.mitre.oval:def:12319
    • comment Adobe AIR is installed
      oval oval:org.mitre.oval:def:15988
    description Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
    family macos
    id oval:org.mitre.oval:def:15795
    status accepted
    submitted 2012-12-20T15:35:55.661-05:00
    title Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability
    version 4
  • accepted 2015-08-03T04:02:02.755-04:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Jeff Cockerill
      organization G2, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Adobe AIR is installed
      oval oval:org.mitre.oval:def:7479
    • comment Adobe Flash Player is installed
      oval oval:org.mitre.oval:def:6700
    • comment ActiveX Control is installed
      oval oval:org.mitre.oval:def:26707
    description Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
    family windows
    id oval:org.mitre.oval:def:7140
    status accepted
    submitted 2010-01-14T12:00:00.000-05:00
    title Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability
    version 63
  • accepted 2010-06-07T04:01:05.699-04:00
    class vulnerability
    contributors
    name Pai Peng
    organization Hewlett-Packard
    definition_extensions
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
    family unix
    id oval:org.mitre.oval:def:8350
    status accepted
    submitted 2010-03-22T14:26:56.000-04:00
    title Multiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)
    version 31
redhat via4
advisories
rhsa
id RHSA-2009:1657
refmap via4
apple APPLE-SA-2010-01-19-1
bid 37199
cert TA09-343A
confirm
sectrack
  • 1023306
  • 1023307
secunia
  • 37584
  • 37902
  • 38241
sunalert 1021716
suse SUSE-SA:2009:062
vupen
  • ADV-2009-3456
  • ADV-2010-0173
xf flash-air-corruption-code-execution(54633)
Last major update 19-09-2017 - 01:29
Published 10-12-2009 - 19:30
Back to Top