cvelistv5 - cve-2009-3794

CVE-2009-3794 (GCVE-0-2009-3794)

Vulnerability from cvelistv5

Published

2009-12-10 19:00

Modified

2024-08-07 06:38

Severity ?

CWE

Summary

Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.

References

URL

Tags

psirt@adobe.com	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
psirt@adobe.com	http://osvdb.org/60885
psirt@adobe.com	http://secunia.com/advisories/37584	Vendor Advisory
psirt@adobe.com	http://secunia.com/advisories/37902
psirt@adobe.com	http://secunia.com/advisories/38241
psirt@adobe.com	http://securitytracker.com/id?1023306
psirt@adobe.com	http://securitytracker.com/id?1023307
psirt@adobe.com	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
psirt@adobe.com	http://support.apple.com/kb/HT4004
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb09-19.html	Patch, Vendor Advisory
psirt@adobe.com	http://www.redhat.com/support/errata/RHSA-2009-1657.html
psirt@adobe.com	http://www.redhat.com/support/errata/RHSA-2009-1658.html	Patch
psirt@adobe.com	http://www.securityfocus.com/archive/1/508336/100/0/threaded
psirt@adobe.com	http://www.securityfocus.com/bid/37199
psirt@adobe.com	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	US Government Resource
psirt@adobe.com	http://www.vupen.com/english/advisories/2009/3456	Patch, Vendor Advisory
psirt@adobe.com	http://www.vupen.com/english/advisories/2010/0173
psirt@adobe.com	http://zerodayinitiative.com/advisories/ZDI-09-092/	Patch
psirt@adobe.com	https://bugzilla.redhat.com/show_bug.cgi?id=543857
psirt@adobe.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/54631
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/60885
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37584	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37902
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38241
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023306
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023307
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4004
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-19.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1657.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1658.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/508336/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/37199
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3456	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0173
af854a3a-2127-422b-91ae-364da2661108	http://zerodayinitiative.com/advisories/ZDI-09-092/	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=543857
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/54631
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:38:30.269Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:8686",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686"
          },
          {
            "name": "RHSA-2009:1657",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
          },
          {
            "name": "1023307",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023307"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://zerodayinitiative.com/advisories/ZDI-09-092/"
          },
          {
            "name": "flash-air-jpeg-code-execution(54631)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54631"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4004"
          },
          {
            "name": "1021716",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
          },
          {
            "name": "60885",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/60885"
          },
          {
            "name": "APPLE-SA-2010-01-19-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
          },
          {
            "name": "ADV-2009-3456",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3456"
          },
          {
            "name": "SUSE-SA:2009:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
          },
          {
            "name": "37584",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37584"
          },
          {
            "name": "37902",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37902"
          },
          {
            "name": "oval:org.mitre.oval:def:15948",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
          },
          {
            "name": "1023306",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023306"
          },
          {
            "name": "RHSA-2009:1658",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7465",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465"
          },
          {
            "name": "20091209 ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508336/100/0/threaded"
          },
          {
            "name": "TA09-343A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
          },
          {
            "name": "38241",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38241"
          },
          {
            "name": "37199",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37199"
          },
          {
            "name": "ADV-2010-0173",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:8686",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686"
        },
        {
          "name": "RHSA-2009:1657",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
        },
        {
          "name": "1023307",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023307"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://zerodayinitiative.com/advisories/ZDI-09-092/"
        },
        {
          "name": "flash-air-jpeg-code-execution(54631)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54631"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4004"
        },
        {
          "name": "1021716",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
        },
        {
          "name": "60885",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/60885"
        },
        {
          "name": "APPLE-SA-2010-01-19-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
        },
        {
          "name": "ADV-2009-3456",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3456"
        },
        {
          "name": "SUSE-SA:2009:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "name": "37584",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37584"
        },
        {
          "name": "37902",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37902"
        },
        {
          "name": "oval:org.mitre.oval:def:15948",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
        },
        {
          "name": "1023306",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023306"
        },
        {
          "name": "RHSA-2009:1658",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
        },
        {
          "name": "oval:org.mitre.oval:def:7465",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465"
        },
        {
          "name": "20091209 ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508336/100/0/threaded"
        },
        {
          "name": "TA09-343A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
        },
        {
          "name": "38241",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38241"
        },
        {
          "name": "37199",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37199"
        },
        {
          "name": "ADV-2010-0173",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2009-3794",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:8686",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686"
            },
            {
              "name": "RHSA-2009:1657",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
            },
            {
              "name": "1023307",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023307"
            },
            {
              "name": "http://zerodayinitiative.com/advisories/ZDI-09-092/",
              "refsource": "MISC",
              "url": "http://zerodayinitiative.com/advisories/ZDI-09-092/"
            },
            {
              "name": "flash-air-jpeg-code-execution(54631)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54631"
            },
            {
              "name": "http://support.apple.com/kb/HT4004",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4004"
            },
            {
              "name": "1021716",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
            },
            {
              "name": "60885",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/60885"
            },
            {
              "name": "APPLE-SA-2010-01-19-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
            },
            {
              "name": "ADV-2009-3456",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3456"
            },
            {
              "name": "SUSE-SA:2009:062",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=543857",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
            },
            {
              "name": "37584",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37584"
            },
            {
              "name": "37902",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37902"
            },
            {
              "name": "oval:org.mitre.oval:def:15948",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
            },
            {
              "name": "1023306",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023306"
            },
            {
              "name": "RHSA-2009:1658",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
            },
            {
              "name": "oval:org.mitre.oval:def:7465",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465"
            },
            {
              "name": "20091209 ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508336/100/0/threaded"
            },
            {
              "name": "TA09-343A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
            },
            {
              "name": "38241",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38241"
            },
            {
              "name": "37199",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37199"
            },
            {
              "name": "ADV-2010-0173",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2009-3794",
    "datePublished": "2009-12-10T19:00:00",
    "dateReserved": "2009-10-26T00:00:00",
    "dateUpdated": "2024-08-07T06:38:30.269Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-3794\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2009-12-10T19:30:00.420\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento del b\u00fafer de la pila en Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de las dimensiones manipuladas de datos JPEG en un fichero SWF.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.2\",\"matchCriteriaId\":\"0A0CABFD-DFD2-4FF1-AC2A-712D9831AE36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97F0F4B8-A8AE-4AF2-8991-36DF5478AC90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F180F403-7032-497F-955B-0CB1D5CA3A74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51905ABB-C598-415F-9B6C-26963129352A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16E50A13-564F-4CE7-8335-B99B83AA0B86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.0.32.18\",\"matchCriteriaId\":\"6EBD1150-4225-46AC-AF3A-A981FF80EB49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDFF4A51-C936-4C5B-8276-FD454C9E4F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5ECC9D7-3386-4FEA-9218-91E31FF90F3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0E93289-6EE0-401A-958D-F59D2CDAE2F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A82D5B56-44E0-4120-B73E-0A1155AF4B05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E895107-ED8A-4F88-87C3-935EAE299C01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4007D621-A0BC-4927-82A7-10D73802BCF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"641776AE-5408-439E-8290-DD9324771874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"138A932A-D775-46A2-86EC-3C03C96884C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*\",\"matchCriteriaId\":\"9D344A18-4D7B-4B9C-8A8D-AE765FCA32C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:*\",\"matchCriteriaId\":\"1DAAAEA6-ED8F-496B-81B5-E8D3E3176287\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D12E3957-D7B2-4F3B-BB64-8B50B8958DEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*\",\"matchCriteriaId\":\"F648661E-BA18-41F9-A0A7-F9D5D7E2056B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*\",\"matchCriteriaId\":\"A88BDD68-3EDD-49F4-B656-EB03BF849664\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32912721-F750-4C20-B999-E728F7D3A85D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A95FA639-346C-491C-81A8-6C2A7B01AA19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC7DD938-F963-4E03-B66B-F00436E4EA9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A0777F-22C2-4FD5-BE81-8982BE6874D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"600DDA9D-6440-48D1-8539-7127398A8678\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"934A869D-D58D-4C36-B86E-013F62790585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACFA6611-99DA-48B0-89F7-DD99B8E30334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59AF804B-BD7A-4AD7-AD44-B5D980443B8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5D52F86-2E38-4C66-9939-7603367B8D0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0557AA2A-FA3A-460A-8F03-DC74B149CA3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FC04ABF-6191-4AA5-90B2-E7A97E6C6005\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F22F1B02-CCF5-4770-A79B-1F58CA4321CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AE89894-E492-4380-8A2B-4CDD3A15667A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C6ED706-BAF2-4795-B597-6F7EE8CA8911\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"260E2CF6-4D15-4168-A933-3EC52D8F93FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D50BF190-2629-49A8-A377-4723C93FFB3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDD0A103-6D00-4D3D-9570-2DF74B6FE294\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33AC4365-576C-487A-89C5-197A26D416C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE848097-01E6-4C9B-9593-282D55CC77D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08E4028B-72E7-4E4A-AD0F-645F5AACAA29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63313ADA-3C52-47C8-9745-6BF6AEF0F6AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA646396-7C10-45A0-89A9-C75C5D8AFB3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3555324F-40F8-4BF4-BE5F-52A1E22B3AFA\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://osvdb.org/60885\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://secunia.com/advisories/37584\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37902\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://secunia.com/advisories/38241\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://securitytracker.com/id?1023306\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://securitytracker.com/id?1023307\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://support.apple.com/kb/HT4004\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-19.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1657.html\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1658.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/508336/100/0/threaded\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.securityfocus.com/bid/37199\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-343A.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3456\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0173\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://zerodayinitiative.com/advisories/ZDI-09-092/\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=543857\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/54631\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/60885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/37584\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37902\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38241\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1023306\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1023307\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-19.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1657.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1658.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/508336/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/37199\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-343A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0173\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://zerodayinitiative.com/advisories/ZDI-09-092/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=543857\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/54631\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

RHSA-2009:1658

Vulnerability from csaf_redhat

Published

2009-12-09 16:17

Modified

2025-11-08 03:27

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 Extras and 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 9.0.260.0.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 3 Extras and 4 Extras.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nMultiple security flaws were found in the way Flash Player displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npossibly, execute arbitrary code when the victim loaded a page containing\nthe specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796,\nCVE-2009-3798, CVE-2009-3799, CVE-2009-3800)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.260.0.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1658",
        "url": "https://access.redhat.com/errata/RHSA-2009:1658"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
      },
      {
        "category": "external",
        "summary": "543857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1658.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-11-08T03:27:07+00:00",
      "generator": {
        "date": "2025-11-08T03:27:07+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1658",
      "initial_release_date": "2009-12-09T16:17:00+00:00",
      "revision_history": [
        {
          "date": "2009-12-09T16:17:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-12-09T11:17:28+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-08T03:27:07+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                  "product_id": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.260.0-1.el3.with.oss?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.260.0-1.el4.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.260.0-1.el4.i386",
                  "product_id": "flash-plugin-0:9.0.260.0-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.260.0-1.el4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-3794",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3794",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3796",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a \"data injection vulnerability.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3798",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3799",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to \"generation of ActionScript exception handlers.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3800",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    }
  ]
}

RHSA-2009:1657

Vulnerability from csaf_redhat

Published

2009-12-09 16:11

Modified

2025-11-08 03:27

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.0.42.34.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nMultiple security flaws were found in the way Flash Player displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npossibly, execute arbitrary code when the victim loaded a page containing\nthe specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796,\nCVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.42.34.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1657",
        "url": "https://access.redhat.com/errata/RHSA-2009:1657"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
      },
      {
        "category": "external",
        "summary": "543857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1657.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-11-08T03:27:06+00:00",
      "generator": {
        "date": "2025-11-08T03:27:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1657",
      "initial_release_date": "2009-12-09T16:11:00+00:00",
      "revision_history": [
        {
          "date": "2009-12-09T16:11:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-12-09T11:12:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-08T03:27:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:10.0.42.34-1.el5.i386",
                "product": {
                  "name": "flash-plugin-0:10.0.42.34-1.el5.i386",
                  "product_id": "flash-plugin-0:10.0.42.34-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@10.0.42.34-1.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.42.34-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.42.34-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.42.34-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.42.34-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-3794",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3794",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3796",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a \"data injection vulnerability.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3797",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3797"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3797"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3797",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3797"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3798",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3799",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to \"generation of ActionScript exception handlers.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3800",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    }
  ]
}

rhsa-2009_1658

Vulnerability from csaf_redhat

Published

2009-12-09 16:17

Modified

2024-11-14 10:47

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 3 Extras and 4 Extras.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nMultiple security flaws were found in the way Flash Player displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npossibly, execute arbitrary code when the victim loaded a page containing\nthe specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796,\nCVE-2009-3798, CVE-2009-3799, CVE-2009-3800)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.260.0.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1658",
        "url": "https://access.redhat.com/errata/RHSA-2009:1658"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
      },
      {
        "category": "external",
        "summary": "543857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1658.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:47:37+00:00",
      "generator": {
        "date": "2024-11-14T10:47:37+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2009:1658",
      "initial_release_date": "2009-12-09T16:17:00+00:00",
      "revision_history": [
        {
          "date": "2009-12-09T16:17:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-12-09T11:17:28+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:47:37+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                  "product_id": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.260.0-1.el3.with.oss?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.260.0-1.el4.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.260.0-1.el4.i386",
                  "product_id": "flash-plugin-0:9.0.260.0-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.260.0-1.el4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-3794",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3794",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3796",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a \"data injection vulnerability.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3798",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3799",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to \"generation of ActionScript exception handlers.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3800",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    }
  ]
}

rhsa-2009_1657

Vulnerability from csaf_redhat

Published

2009-12-09 16:11

Modified

2024-11-14 10:47

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.0.42.34.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nMultiple security flaws were found in the way Flash Player displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npossibly, execute arbitrary code when the victim loaded a page containing\nthe specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796,\nCVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.42.34.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1657",
        "url": "https://access.redhat.com/errata/RHSA-2009:1657"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
      },
      {
        "category": "external",
        "summary": "543857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1657.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:47:33+00:00",
      "generator": {
        "date": "2024-11-14T10:47:33+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2009:1657",
      "initial_release_date": "2009-12-09T16:11:00+00:00",
      "revision_history": [
        {
          "date": "2009-12-09T16:11:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-12-09T11:12:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:47:33+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:10.0.42.34-1.el5.i386",
                "product": {
                  "name": "flash-plugin-0:10.0.42.34-1.el5.i386",
                  "product_id": "flash-plugin-0:10.0.42.34-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@10.0.42.34-1.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.42.34-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.42.34-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.42.34-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.42.34-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-3794",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3794",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3796",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a \"data injection vulnerability.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3797",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3797"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3797"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3797",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3797"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3798",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3799",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to \"generation of ActionScript exception handlers.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3800",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    }
  ]
}

rhsa-2009:1658

Vulnerability from csaf_redhat

Published

2009-12-09 16:17

Modified

2025-11-08 03:27

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 3 Extras and 4 Extras.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nMultiple security flaws were found in the way Flash Player displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npossibly, execute arbitrary code when the victim loaded a page containing\nthe specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796,\nCVE-2009-3798, CVE-2009-3799, CVE-2009-3800)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.260.0.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1658",
        "url": "https://access.redhat.com/errata/RHSA-2009:1658"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
      },
      {
        "category": "external",
        "summary": "543857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1658.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-11-08T03:27:07+00:00",
      "generator": {
        "date": "2025-11-08T03:27:07+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1658",
      "initial_release_date": "2009-12-09T16:17:00+00:00",
      "revision_history": [
        {
          "date": "2009-12-09T16:17:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-12-09T11:17:28+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-08T03:27:07+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                  "product_id": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.260.0-1.el3.with.oss?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.260.0-1.el4.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.260.0-1.el4.i386",
                  "product_id": "flash-plugin-0:9.0.260.0-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.260.0-1.el4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-3794",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3794",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3796",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a \"data injection vulnerability.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3798",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3799",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to \"generation of ActionScript exception handlers.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3800",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    }
  ]
}

rhsa-2009:1657

Vulnerability from csaf_redhat

Published

2009-12-09 16:11

Modified

2025-11-08 03:27

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.0.42.34.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nMultiple security flaws were found in the way Flash Player displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npossibly, execute arbitrary code when the victim loaded a page containing\nthe specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796,\nCVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.42.34.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1657",
        "url": "https://access.redhat.com/errata/RHSA-2009:1657"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
      },
      {
        "category": "external",
        "summary": "543857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1657.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-11-08T03:27:06+00:00",
      "generator": {
        "date": "2025-11-08T03:27:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1657",
      "initial_release_date": "2009-12-09T16:11:00+00:00",
      "revision_history": [
        {
          "date": "2009-12-09T16:11:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-12-09T11:12:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-08T03:27:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:10.0.42.34-1.el5.i386",
                "product": {
                  "name": "flash-plugin-0:10.0.42.34-1.el5.i386",
                  "product_id": "flash-plugin-0:10.0.42.34-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@10.0.42.34-1.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.42.34-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.42.34-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.42.34-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.42.34-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-3794",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3794",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3796",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a \"data injection vulnerability.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3797",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3797"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3797"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3797",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3797"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3798",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3799",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to \"generation of ActionScript exception handlers.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3800",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    }
  ]
}

ghsa-rxh4-4wmm-564x

Vulnerability from github

Published

2022-05-02 03:48

Modified

2025-04-09 04:17

Details

Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3794"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-12-10T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
  "id": "GHSA-rxh4-4wmm-564x",
  "modified": "2025-04-09T04:17:06Z",
  "published": "2022-05-02T03:48:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54631"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/60885"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37584"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37902"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38241"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023306"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023307"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/508336/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/37199"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3456"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0173"
    },
    {
      "type": "WEB",
      "url": "http://zerodayinitiative.com/advisories/ZDI-09-092"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-541

Vulnerability from certfr_avis

Plusieurs vulnérabilités dans Adobe Flash Player et Adobe Air permettent à une personne malintentionnée d'exécuter du code arbitraire à distance ou de porter atteinte à la confidentialité des données.

Description

Plusieurs vulnérabilités ont été découvertes dans Adobe Flash Player et Adobe Air :

une erreur dans l'interprétation de données au format JPEG permet d'exécuter du code arbitraire à distance (CVE-2009-3794) ;
plusieurs erreurs dans la gestion de la mémoire permettent d'exécuter du code arbitraire à distance (CVE-2009-3796, CVE-2009-37967, CVE-2009-3798, CVE-2009-3799 et CVE-2009-3800) ;
une vulnérabilité dans l'accès au nom d'un fichier local dans un contrôle ActiveX pour les systèmes Windows permet de porter atteinte à la confidentialité de certaines données (CVE-2009-3951).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Adobe	N/A	Adobe Flash Player 10.0.32.18 et les versions précédentes ;
	Adobe	N/A	Adobe AIR 1.5.2 et les versions précédentes.

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB09-19 du 08 décembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player 10.0.32.18 et les versions pr\u00e9c\u00e9dentes ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe AIR 1.5.2 et les versions pr\u00e9c\u00e9dentes.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Adobe Flash Player et\nAdobe Air :\n\n-   une erreur dans l\u0027interpr\u00e9tation de donn\u00e9es au format JPEG permet\n    d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance (CVE-2009-3794) ;\n-   plusieurs erreurs dans la gestion de la m\u00e9moire permettent\n    d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance (CVE-2009-3796,\n    CVE-2009-37967, CVE-2009-3798, CVE-2009-3799 et CVE-2009-3800) ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027acc\u00e8s au nom d\u0027un fichier local dans un\n    contr\u00f4le ActiveX pour les syst\u00e8mes Windows permet de porter atteinte\n    \u00e0 la confidentialit\u00e9 de certaines donn\u00e9es (CVE-2009-3951).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
    },
    {
      "name": "CVE-2009-3796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
    },
    {
      "name": "CVE-2009-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3951"
    },
    {
      "name": "CVE-2009-37967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-37967"
    },
    {
      "name": "CVE-2009-3800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
    },
    {
      "name": "CVE-2009-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
    },
    {
      "name": "CVE-2009-3797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3797"
    },
    {
      "name": "CVE-2009-3794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
    }
  ],
  "initial_release_date": "2009-12-09T00:00:00",
  "last_revision_date": "2009-12-09T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-541",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-12-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Adobe Flash Player et Adobe Air permettent\n\u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance\nou de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player et Adobe Air",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB09-19 du 08 d\u00e9cembre 2009",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    }
  ]
}

CERTA-2010-AVI-022

Vulnerability from certfr_avis

De multiples vulnérabilités permettant, entre autre, l'exécution de code arbitraire à distance ont été découvertes dans le système d'exploitation Mac OS X d'Apple.

Description

De multiples vulnérabilités concernant les composants suivants ont été corrigées :

CoreAudio ;
CUPS ;
Flash Player plug-in ;
ImageIO ;
Image RAW ;
OpenSSL.

Elles permettent, entre autre, l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Mac OS X Server version 10.5.8 et antérieures ;
Apple	N/A	Mac OS X Server version 10.6.2 et antérieures.
Apple	N/A	Mac OS X version 10.5.8 et antérieures ;
Apple	N/A	Mac OS X version 10.6.2 et antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4004 du 19 janvier 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server version 10.5.8 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server version 10.6.2 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.5.8 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.6.2 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s concernant les composants suivants ont \u00e9t\u00e9\ncorrig\u00e9es :\n\n-   CoreAudio ;\n-   CUPS ;\n-   Flash Player plug-in ;\n-   ImageIO ;\n-   Image RAW ;\n-   OpenSSL.\n\nElles permettent, entre autre, l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
    },
    {
      "name": "CVE-2009-3796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
    },
    {
      "name": "CVE-2009-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3951"
    },
    {
      "name": "CVE-2010-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0037"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2010-0036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0036"
    },
    {
      "name": "CVE-2009-3553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3553"
    },
    {
      "name": "CVE-2009-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2285"
    },
    {
      "name": "CVE-2009-3800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
    },
    {
      "name": "CVE-2009-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
    },
    {
      "name": "CVE-2009-3797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3797"
    },
    {
      "name": "CVE-2009-3794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
    }
  ],
  "initial_release_date": "2010-01-20T00:00:00",
  "last_revision_date": "2010-01-20T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-022",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-01-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s permettant, entre autre, l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me d\u0027exploitation\nMac OS X d\u0027Apple.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4004 du 19 janvier 2010",
      "url": "http://support.apple.com/kb/HT4004"
    }
  ]
}

gsd-2009-3794

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.

Aliases

CVE-2009-3794

Aliases

CVE-2009-3794

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-3794",
    "description": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
    "id": "GSD-2009-3794",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-3794.html",
      "https://access.redhat.com/errata/RHSA-2009:1658",
      "https://access.redhat.com/errata/RHSA-2009:1657"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-3794"
      ],
      "details": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
      "id": "GSD-2009-3794",
      "modified": "2023-12-13T01:19:49.720643Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2009-3794",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:8686",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686"
          },
          {
            "name": "RHSA-2009:1657",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
          },
          {
            "name": "1023307",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1023307"
          },
          {
            "name": "http://zerodayinitiative.com/advisories/ZDI-09-092/",
            "refsource": "MISC",
            "url": "http://zerodayinitiative.com/advisories/ZDI-09-092/"
          },
          {
            "name": "flash-air-jpeg-code-execution(54631)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54631"
          },
          {
            "name": "http://support.apple.com/kb/HT4004",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4004"
          },
          {
            "name": "1021716",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
          },
          {
            "name": "60885",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/60885"
          },
          {
            "name": "APPLE-SA-2010-01-19-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
          },
          {
            "name": "ADV-2009-3456",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3456"
          },
          {
            "name": "SUSE-SA:2009:062",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=543857",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
          },
          {
            "name": "37584",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37584"
          },
          {
            "name": "37902",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37902"
          },
          {
            "name": "oval:org.mitre.oval:def:15948",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
          },
          {
            "name": "1023306",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1023306"
          },
          {
            "name": "RHSA-2009:1658",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7465",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465"
          },
          {
            "name": "20091209 ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/508336/100/0/threaded"
          },
          {
            "name": "TA09-343A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
          },
          {
            "name": "38241",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38241"
          },
          {
            "name": "37199",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/37199"
          },
          {
            "name": "ADV-2010-0173",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0173"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.0.32.18",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2009-3794"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA09-343A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
            },
            {
              "name": "RHSA-2009:1657",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
            },
            {
              "name": "1023307",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1023307"
            },
            {
              "name": "1023306",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1023306"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=543857",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
            },
            {
              "name": "ADV-2009-3456",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3456"
            },
            {
              "name": "RHSA-2009:1658",
              "refsource": "REDHAT",
              "tags": [
                "Patch"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
            },
            {
              "name": "37199",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/37199"
            },
            {
              "name": "http://zerodayinitiative.com/advisories/ZDI-09-092/",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "http://zerodayinitiative.com/advisories/ZDI-09-092/"
            },
            {
              "name": "37584",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/37584"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
            },
            {
              "name": "60885",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/60885"
            },
            {
              "name": "SUSE-SA:2009:062",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
            },
            {
              "name": "37902",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37902"
            },
            {
              "name": "http://support.apple.com/kb/HT4004",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4004"
            },
            {
              "name": "APPLE-SA-2010-01-19-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
            },
            {
              "name": "38241",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38241"
            },
            {
              "name": "ADV-2010-0173",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0173"
            },
            {
              "name": "1021716",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
            },
            {
              "name": "flash-air-jpeg-code-execution(54631)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54631"
            },
            {
              "name": "oval:org.mitre.oval:def:8686",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686"
            },
            {
              "name": "oval:org.mitre.oval:def:7465",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465"
            },
            {
              "name": "oval:org.mitre.oval:def:15948",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948"
            },
            {
              "name": "20091209 ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/508336/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2009-12-10T19:30Z"
    }
  }
}

fkie_cve-2009-3794

Vulnerability from fkie_nvd

Published

2009-12-10 19:30

Modified

2025-04-09 00:30

Severity ?

Summary

Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.

References

URL	Tags
psirt@adobe.com	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
psirt@adobe.com	http://osvdb.org/60885
psirt@adobe.com	http://secunia.com/advisories/37584	Vendor Advisory
psirt@adobe.com	http://secunia.com/advisories/37902
psirt@adobe.com	http://secunia.com/advisories/38241
psirt@adobe.com	http://securitytracker.com/id?1023306
psirt@adobe.com	http://securitytracker.com/id?1023307
psirt@adobe.com	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
psirt@adobe.com	http://support.apple.com/kb/HT4004
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb09-19.html	Patch, Vendor Advisory
psirt@adobe.com	http://www.redhat.com/support/errata/RHSA-2009-1657.html
psirt@adobe.com	http://www.redhat.com/support/errata/RHSA-2009-1658.html	Patch
psirt@adobe.com	http://www.securityfocus.com/archive/1/508336/100/0/threaded
psirt@adobe.com	http://www.securityfocus.com/bid/37199
psirt@adobe.com	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	US Government Resource
psirt@adobe.com	http://www.vupen.com/english/advisories/2009/3456	Patch, Vendor Advisory
psirt@adobe.com	http://www.vupen.com/english/advisories/2010/0173
psirt@adobe.com	http://zerodayinitiative.com/advisories/ZDI-09-092/	Patch
psirt@adobe.com	https://bugzilla.redhat.com/show_bug.cgi?id=543857
psirt@adobe.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/54631
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/60885
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37584	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37902
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38241
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023306
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023307
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4004
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-19.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1657.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1658.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/508336/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/37199
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3456	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0173
af854a3a-2127-422b-91ae-364da2661108	http://zerodayinitiative.com/advisories/ZDI-09-092/	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=543857
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/54631
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686

Impacted products

Vendor	Product	Version
adobe	adobe_air	*
adobe	adobe_air	1.0
adobe	adobe_air	1.0.1
adobe	adobe_air	1.1
adobe	adobe_air	1.5.1
adobe	flash_player	*
adobe	flash_player	7.0
adobe	flash_player	7.0.1
adobe	flash_player	7.0.25
adobe	flash_player	7.0.63
adobe	flash_player	7.0.69.0
adobe	flash_player	7.0.70.0
adobe	flash_player	7.1
adobe	flash_player	7.1.1
adobe	flash_player	7.2
adobe	flash_player	8
adobe	flash_player	8
adobe	flash_player	8.0
adobe	flash_player	8.0
adobe	flash_player	8.0
adobe	flash_player	8.0.24.0
adobe	flash_player	8.0.34.0
adobe	flash_player	8.0.35.0
adobe	flash_player	8.0.39.0
adobe	flash_player	9.0
adobe	flash_player	9.0.16
adobe	flash_player	9.0.18d60
adobe	flash_player	9.0.20
adobe	flash_player	9.0.20.0
adobe	flash_player	9.0.28
adobe	flash_player	9.0.28.0
adobe	flash_player	9.0.31
adobe	flash_player	9.0.31.0
adobe	flash_player	9.0.45.0
adobe	flash_player	9.0.47.0
adobe	flash_player	9.0.112.0
adobe	flash_player	9.0.114.0
adobe	flash_player	9.0.115.0
adobe	flash_player	9.0.124.0
adobe	flash_player	9.0.155.0
adobe	flash_player	9.0.159.0
adobe	flash_player	9.125.0
adobe	flash_player	10.0.0.584
adobe	flash_player	10.0.12.10
adobe	flash_player	10.0.12.36
adobe	flash_player	10.0.22.87

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A0CABFD-DFD2-4FF1-AC2A-712D9831AE36",
              "versionEndIncluding": "1.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F0F4B8-A8AE-4AF2-8991-36DF5478AC90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F180F403-7032-497F-955B-0CB1D5CA3A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "51905ABB-C598-415F-9B6C-26963129352A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E50A13-564F-4CE7-8335-B99B83AA0B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD1150-4225-46AC-AF3A-A981FF80EB49",
              "versionEndIncluding": "10.0.32.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*",
              "matchCriteriaId": "9D344A18-4D7B-4B9C-8A8D-AE765FCA32C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:*",
              "matchCriteriaId": "1DAAAEA6-ED8F-496B-81B5-E8D3E3176287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*",
              "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*",
              "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A0777F-22C2-4FD5-BE81-8982BE6874D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*",
              "matchCriteriaId": "600DDA9D-6440-48D1-8539-7127398A8678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5D52F86-2E38-4C66-9939-7603367B8D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDD0A103-6D00-4D3D-9570-2DF74B6FE294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33AC4365-576C-487A-89C5-197A26D416C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE848097-01E6-4C9B-9593-282D55CC77D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA646396-7C10-45A0-89A9-C75C5D8AFB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "3555324F-40F8-4BF4-BE5F-52A1E22B3AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file."
    },
    {
      "lang": "es",
      "value": "Desbordamiento del b\u00fafer de la pila en Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de las dimensiones manipuladas de datos JPEG en un fichero SWF."
    }
  ],
  "id": "CVE-2009-3794",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-10T19:30:00.420",
  "references": [
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://osvdb.org/60885"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37584"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://secunia.com/advisories/37902"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://secunia.com/advisories/38241"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://securitytracker.com/id?1023306"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://securitytracker.com/id?1023307"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/archive/1/508336/100/0/threaded"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/bid/37199"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3456"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.vupen.com/english/advisories/2010/0173"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch"
      ],
      "url": "http://zerodayinitiative.com/advisories/ZDI-09-092/"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54631"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/60885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508336/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://zerodayinitiative.com/advisories/ZDI-09-092/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-3794 (GCVE-0-2009-3794)

Vulnerability from cvelistv5

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from github

Vulnerability from certfr_avis

Description

Solution

Vulnerability from certfr_avis

Description

Solution

Vulnerability from gsd

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature