ID CVE-2009-3799
Summary Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."
References
Vulnerable Configurations
  • Adobe Adobe Integrated Runtime (AIR) 1.0
    cpe:2.3:a:adobe:adobe_air:1.0
  • Adobe Adobe Integrated Runtime 1.0.1
    cpe:2.3:a:adobe:adobe_air:1.0.1
  • Adobe Adobe Integrated Runtime (AIR) 1.1
    cpe:2.3:a:adobe:adobe_air:1.1
  • Adobe Adobe Integrated Runtime 1.5.1
    cpe:2.3:a:adobe:adobe_air:1.5.1
  • Adobe Adobe Integrated Runtime (AIR) 1.5.2
    cpe:2.3:a:adobe:adobe_air:1.5.2
  • cpe:2.3:a:adobe:flash_player:7.0
  • cpe:2.3:a:adobe:flash_player:7.0.1
  • Adobe Flash Player 7.0.25
    cpe:2.3:a:adobe:flash_player:7.0.25
  • Adobe Flash Player 7.0.63
    cpe:2.3:a:adobe:flash_player:7.0.63
  • cpe:2.3:a:adobe:flash_player:7.0.69.0
  • cpe:2.3:a:adobe:flash_player:7.0.70.0
  • cpe:2.3:a:adobe:flash_player:7.1
  • cpe:2.3:a:adobe:flash_player:7.1.1
  • Adobe Flash MX 2004
    cpe:2.3:a:adobe:flash_player:7.2
  • cpe:2.3:a:adobe:flash_player:8:-:pro
  • cpe:2.3:a:adobe:flash_player:8:-:professional
  • cpe:2.3:a:adobe:flash_player:8.0
  • cpe:2.3:a:adobe:flash_player:8.0:-:basic
  • cpe:2.3:a:adobe:flash_player:8.0:-:pro
  • Adobe Flash 8.0.24.0
    cpe:2.3:a:adobe:flash_player:8.0.24.0
  • Adobe Flash Player 8.0.34.0
    cpe:2.3:a:adobe:flash_player:8.0.34.0
  • cpe:2.3:a:adobe:flash_player:8.0.35.0
  • Adobe Flash Player 8.0.39.0
    cpe:2.3:a:adobe:flash_player:8.0.39.0
  • Adobe Flash Player 9.0
    cpe:2.3:a:adobe:flash_player:9.0
  • cpe:2.3:a:adobe:flash_player:9.0.16
  • Adobe Flash Player 9.0.18d60
    cpe:2.3:a:adobe:flash_player:9.0.18d60
  • cpe:2.3:a:adobe:flash_player:9.0.20
  • Adobe Flash Player 9.0.20.0
    cpe:2.3:a:adobe:flash_player:9.0.20.0
  • Adobe Flash Player 9.0.28
    cpe:2.3:a:adobe:flash_player:9.0.28
  • Adobe Flash Player 9.0.28.0
    cpe:2.3:a:adobe:flash_player:9.0.28.0
  • Adobe Flash Player 9.0.31
    cpe:2.3:a:adobe:flash_player:9.0.31
  • cpe:2.3:a:adobe:flash_player:9.0.31.0
  • cpe:2.3:a:adobe:flash_player:9.0.45.0
  • cpe:2.3:a:adobe:flash_player:9.0.47.0
  • Adobe Flash Player 9.0.112.0
    cpe:2.3:a:adobe:flash_player:9.0.112.0
  • cpe:2.3:a:adobe:flash_player:9.0.114.0
  • cpe:2.3:a:adobe:flash_player:9.0.115.0
  • Adobe Flash Player 9.0.124.0
    cpe:2.3:a:adobe:flash_player:9.0.124.0
  • Adobe Flash 9.0.155.0
    cpe:2.3:a:adobe:flash_player:9.0.155.0
  • Adobe Flash Player 9.0.159.0
    cpe:2.3:a:adobe:flash_player:9.0.159.0
  • Adobe Flash Player 9.125.0
    cpe:2.3:a:adobe:flash_player:9.125.0
  • Adobe Flash Player 10.0.0.584
    cpe:2.3:a:adobe:flash_player:10.0.0.584
  • Adobe Flash Player 10.0.12.10
    cpe:2.3:a:adobe:flash_player:10.0.12.10
  • Adobe Flash Player 10.0.12.36
    cpe:2.3:a:adobe:flash_player:10.0.12.36
  • Adobe Flash Player 10.0.22.87
    cpe:2.3:a:adobe:flash_player:10.0.22.87
  • Adobe Flash Player 10.0.32.18
    cpe:2.3:a:adobe:flash_player:10.0.32.18
CVSS
Base: 9.3 (as of 11-12-2009 - 09:02)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
nessus via4
  • NASL family Windows
    NASL id ADOBE_AIR_APSB09-19.NASL
    description The remote Windows host contains a version of Adobe AIR that is earlier than 1.5.3. Such versions are potentially affected by multiple vulnerabilities:
      - A vulnerability in the parsing of JPEG data could lead to code execution. (CVE-2009-3794)
      - A data injection vulnerability could lead to code execution. (CVE-2009-3796)
      - A memory corruption vulnerability could lead to code execution. (CVE-2009-3797)
      - A memory corruption vulnerability could lead to code execution. (CVE-2009-3798)
      - An integer overflow vulnerability could lead to code execution. (CVE-2009-3799)
      - Multiple crash vulnerabilities could lead to code execution. (CVE-2009-3800)
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 43069
    published 2009-12-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43069
    title Adobe AIR < 1.5.3 Multiple Vulnerabilities (APSB09-19)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201001-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201001-02 (Adobe Flash Player: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Adobe Flash Player:
      - An anonymous researcher working with the Zero Day Initiative reported that Adobe Flash Player does not properly process JPEG files (CVE-2009-3794).
      - Jim Cheng of EffectiveUI reported an unspecified data injection vulnerability (CVE-2009-3796).
      - Bing Liu of Fortinet's FortiGuard Labs reported multiple unspecified memory corruption vulnerabilities (CVE-2009-3797, CVE-2009-3798).
      - Damian Put reported an integer overflow in the Verifier::parseExceptionHandlers() function (CVE-2009-3799).
      - Will Dormann of CERT reported multiple unspecified Denial of Service vulnerabilities (CVE-2009-3800).
      Impact: A remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service via unknown vectors.
      Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 44891
    published 2010-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44891
    title GLSA-201001-02 : Adobe Flash Player: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FLASH-PLAYER-6766.NASL
    description Specially crafted Flash (SWF) files can cause overflows in flash-player. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-3794 / CVE-2009-3796 / CVE-2009-3797 / CVE-2009-3798 / CVE-2009-3799 / CVE-2009-3800 / CVE-2009-3951)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51732
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51732
    title SuSE 10 Security Update : flash-player (ZYPP Patch Number 6766)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1658.NASL
    description An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 Extras and 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially crafted SWF content. (CVE-2009-3794, CVE-2009-3796, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 9.0.260.0.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 63908
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63908
    title RHEL 3 / 4 : flash-plugin (RHSA-2009:1658)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2010-001.NASL
    description The remote host is running a version of Mac OS X 10.6 or 10.5 that does not have Security Update 2010-001 applied. This security update contains fixes for the following products:
      - CoreAudio
      - CUPS
      - Flash Player plug-in
      - ImageIO
      - Image RAW
      - OpenSSL
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 44095
    published 2010-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44095
    title Mac OS X Multiple Vulnerabilities (Security Update 2010-001)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1657.NASL
    description An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially crafted SWF content. (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.0.42.34.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 63907
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63907
    title RHEL 5 : flash-plugin (RHSA-2009:1657)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_FLASH-PLAYER-091211.NASL
    description Specially crafted Flash (SWF) files can cause overflows in flash-player. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800, CVE-2009-3951)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 43384
    published 2009-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43384
    title openSUSE Security Update : flash-player (flash-player-1707)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FLASH-PLAYER-6769.NASL
    description Specially crafted Flash (SWF) files can cause overflows in flash-player. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-3794 / CVE-2009-3796 / CVE-2009-3797 / CVE-2009-3798 / CVE-2009-3799 / CVE-2009-3800 / CVE-2009-3951)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51733
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51733
    title SuSE 10 Security Update : flash-player (ZYPP Patch Number 6769)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_FLASH-PLAYER-100111.NASL
    description Specially crafted Flash (SWF) files can cause overflows in flash-player. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800, CVE-2009-3951) flash-player was upgraded to version 10 to fix those problems.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 43855
    published 2010-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43855
    title openSUSE Security Update : flash-player (flash-player-1769)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_FLASH-PLAYER-091215.NASL
    description Specially crafted Flash (SWF) files can cause overflows in flash-player. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-3794 / CVE-2009-3796 / CVE-2009-3797 / CVE-2009-3798 / CVE-2009-3799 / CVE-2009-3800 / CVE-2009-3951)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 43387
    published 2009-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43387
    title SuSE 11 Security Update : flash-player (SAT Patch Number 1698)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_FLASH-PLAYER-091216.NASL
    description Specially crafted Flash (SWF) files can cause overflows in flash-player. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800, CVE-2009-3951)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 43381
    published 2009-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43381
    title openSUSE Security Update : flash-player (flash-player-1707)
  • NASL family Windows
    NASL id FLASH_PLAYER_APSB09_19.NASL
    description The remote Windows host contains a version of Adobe Flash Player that is earlier than 9.0.260 or 10.0.42.34. Such versions are potentially affected by multiple vulnerabilities:
      - A vulnerability in the parsing of JPEG data could lead to code execution. (CVE-2009-3794)
      - A data injection vulnerability could lead to code execution. (CVE-2009-3796)
      - A memory corruption vulnerability could lead to code execution. (CVE-2009-3797)
      - A memory corruption vulnerability could lead to code execution. (CVE-2009-3798)
      - An integer overflow vulnerability could lead to code execution. (CVE-2009-3799)
      - Multiple crash vulnerabilities could lead to code execution. (CVE-2009-3800)
      - A Windows-only local file name access vulnerability could lead to information disclosure. (CVE-2009-3591)
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 43068
    published 2009-12-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43068
    title Flash Player < 9.0.260 / 10.0.42.34 Multiple Vulnerabilities (APSB09-19)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3C1A672EE50811DE9F4A001B2134EF46.NASL
    description Adobe Product Security Incident Response Team reports : Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.32.18 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 43093
    published 2009-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43093
    title FreeBSD : linux-flashplugin -- multiple vulnerabilities (3c1a672e-e508-11de-9f4a-001b2134ef46)
oval via4
  • accepted 2013-02-04T04:01:03.634-05:00
    class vulnerability
    contributors
    name Shane Shaffer
    organization G2, Inc.
    definition_extensions
    • comment Adobe Flash Player is Installed
      oval oval:org.mitre.oval:def:12319
    • comment Adobe AIR is installed
      oval oval:org.mitre.oval:def:15988
    description Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."
    family macos
    id oval:org.mitre.oval:def:16315
    status accepted
    submitted 2012-12-20T15:35:55.661-05:00
    title Adobe Flash Player and AIR 'exception_count' Integer Overflow Vulnerability
    version 4
  • accepted 2015-08-03T04:02:03.750-04:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Jeff Cockerill
      organization G2, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Adobe AIR is installed
      oval oval:org.mitre.oval:def:7479
    • comment Adobe Flash Player is installed
      oval oval:org.mitre.oval:def:6700
    • comment ActiveX Control is installed
      oval oval:org.mitre.oval:def:26707
    description Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."
    family windows
    id oval:org.mitre.oval:def:7191
    status accepted
    submitted 2010-01-14T12:00:00.000-05:00
    title Adobe Flash Player and AIR 'exception_count' Integer Overflow Vulnerability
    version 63
  • accepted 2010-06-07T04:01:00.780-04:00
    class vulnerability
    contributors
    name Pai Peng
    organization Hewlett-Packard
    definition_extensions
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."
    family unix
    id oval:org.mitre.oval:def:8208
    status accepted
    submitted 2010-03-22T14:26:56.000-04:00
    title Multiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)
    version 32
redhat via4
advisories
  • rhsa
    id RHSA-2009:1657
  • rhsa
    id RHSA-2009:1658
refmap via4
apple APPLE-SA-2010-01-19-1
bid 37199
bugtraq 20091209 ZDI-09-093: Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability
cert TA09-343A
confirm
misc http://zerodayinitiative.com/advisories/ZDI-09-093/
osvdb 60889
sectrack
  • 1023306
  • 1023307
secunia
  • 37584
  • 37902
  • 38241
sunalert 1021716
suse SUSE-SA:2009:062
vupen
  • ADV-2009-3456
  • ADV-2010-0173
xf flash-air-unspecified-overflow(54635)
Last major update 02-11-2013 - 22:53
Published 10-12-2009 - 14:30
Last modified 30-10-2018 - 12:26