Vulnerability-Lookup

CVE-2009-3794 (GCVE-0-2009-3794)

Vulnerability from cvelistv5 – Published: 2009-12-10 19:00 – Updated: 2024-08-07 06:38

Summary

Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.

Severity ?

No CVSS data available.

CWE

Assigner

adobe

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2009-16…	vendor-advisoryx_refsource_REDHAT
	http://securitytracker.com/id?1023307	vdb-entryx_refsource_SECTRACK
	http://zerodayinitiative.com/advisories/ZDI-09-092/	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://support.apple.com/kb/HT4004	x_refsource_CONFIRM
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://osvdb.org/60885	vdb-entryx_refsource_OSVDB
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.vupen.com/english/advisories/2009/3456	vdb-entryx_refsource_VUPEN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=543857	x_refsource_CONFIRM
	http://secunia.com/advisories/37584	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/37902	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	http://securitytracker.com/id?1023306	vdb-entryx_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2009-16…	vendor-advisoryx_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/archive/1/508336/100…	mailing-listx_refsource_BUGTRAQ
	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	third-party-advisoryx_refsource_CERT
	http://secunia.com/advisories/38241	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/37199	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2010/0173	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:38:30.269Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:8686",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686"
          },
          {
            "name": "RHSA-2009:1657",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
          },
          {
            "name": "1023307",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023307"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://zerodayinitiative.com/advisories/ZDI-09-092/"
          },
          {
            "name": "flash-air-jpeg-code-execution(54631)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54631"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4004"
          },
          {
            "name": "1021716",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
          },
          {
            "name": "60885",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/60885"
          },
          {
            "name": "APPLE-SA-2010-01-19-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
          },
          {
            "name": "ADV-2009-3456",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3456"
          },
          {
            "name": "SUSE-SA:2009:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
          },
          {
            "name": "37584",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37584"
          },
          {
            "name": "37902",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37902"
          },
          {
            "name": "oval:org.mitre.oval:def:15948",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
          },
          {
            "name": "1023306",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023306"
          },
          {
            "name": "RHSA-2009:1658",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7465",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465"
          },
          {
            "name": "20091209 ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508336/100/0/threaded"
          },
          {
            "name": "TA09-343A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
          },
          {
            "name": "38241",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38241"
          },
          {
            "name": "37199",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37199"
          },
          {
            "name": "ADV-2010-0173",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:8686",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686"
        },
        {
          "name": "RHSA-2009:1657",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
        },
        {
          "name": "1023307",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023307"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://zerodayinitiative.com/advisories/ZDI-09-092/"
        },
        {
          "name": "flash-air-jpeg-code-execution(54631)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54631"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4004"
        },
        {
          "name": "1021716",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
        },
        {
          "name": "60885",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/60885"
        },
        {
          "name": "APPLE-SA-2010-01-19-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
        },
        {
          "name": "ADV-2009-3456",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3456"
        },
        {
          "name": "SUSE-SA:2009:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "name": "37584",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37584"
        },
        {
          "name": "37902",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37902"
        },
        {
          "name": "oval:org.mitre.oval:def:15948",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
        },
        {
          "name": "1023306",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023306"
        },
        {
          "name": "RHSA-2009:1658",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
        },
        {
          "name": "oval:org.mitre.oval:def:7465",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465"
        },
        {
          "name": "20091209 ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508336/100/0/threaded"
        },
        {
          "name": "TA09-343A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
        },
        {
          "name": "38241",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38241"
        },
        {
          "name": "37199",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37199"
        },
        {
          "name": "ADV-2010-0173",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2009-3794",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:8686",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686"
            },
            {
              "name": "RHSA-2009:1657",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
            },
            {
              "name": "1023307",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023307"
            },
            {
              "name": "http://zerodayinitiative.com/advisories/ZDI-09-092/",
              "refsource": "MISC",
              "url": "http://zerodayinitiative.com/advisories/ZDI-09-092/"
            },
            {
              "name": "flash-air-jpeg-code-execution(54631)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54631"
            },
            {
              "name": "http://support.apple.com/kb/HT4004",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4004"
            },
            {
              "name": "1021716",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
            },
            {
              "name": "60885",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/60885"
            },
            {
              "name": "APPLE-SA-2010-01-19-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
            },
            {
              "name": "ADV-2009-3456",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3456"
            },
            {
              "name": "SUSE-SA:2009:062",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=543857",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
            },
            {
              "name": "37584",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37584"
            },
            {
              "name": "37902",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37902"
            },
            {
              "name": "oval:org.mitre.oval:def:15948",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
            },
            {
              "name": "1023306",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023306"
            },
            {
              "name": "RHSA-2009:1658",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
            },
            {
              "name": "oval:org.mitre.oval:def:7465",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465"
            },
            {
              "name": "20091209 ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508336/100/0/threaded"
            },
            {
              "name": "TA09-343A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
            },
            {
              "name": "38241",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38241"
            },
            {
              "name": "37199",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37199"
            },
            {
              "name": "ADV-2010-0173",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2009-3794",
    "datePublished": "2009-12-10T19:00:00.000Z",
    "dateReserved": "2009-10-26T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:38:30.269Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-022

Vulnerability from certfr_avis - Published: 2010-01-20 - Updated: 2010-01-20

De multiples vulnérabilités permettant, entre autre, l'exécution de code arbitraire à distance ont été découvertes dans le système d'exploitation Mac OS X d'Apple.

Description

De multiples vulnérabilités concernant les composants suivants ont été corrigées :

CoreAudio ;
CUPS ;
Flash Player plug-in ;
ImageIO ;
Image RAW ;
OpenSSL.

Elles permettent, entre autre, l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Mac OS X Server version 10.5.8 et antérieures ;
Apple	N/A	Mac OS X Server version 10.6.2 et antérieures.
Apple	N/A	Mac OS X version 10.5.8 et antérieures ;
Apple	N/A	Mac OS X version 10.6.2 et antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4004 du 19 janvier 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server version 10.5.8 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server version 10.6.2 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.5.8 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.6.2 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s concernant les composants suivants ont \u00e9t\u00e9\ncorrig\u00e9es :\n\n-   CoreAudio ;\n-   CUPS ;\n-   Flash Player plug-in ;\n-   ImageIO ;\n-   Image RAW ;\n-   OpenSSL.\n\nElles permettent, entre autre, l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
    },
    {
      "name": "CVE-2009-3796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
    },
    {
      "name": "CVE-2009-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3951"
    },
    {
      "name": "CVE-2010-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0037"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2010-0036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0036"
    },
    {
      "name": "CVE-2009-3553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3553"
    },
    {
      "name": "CVE-2009-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2285"
    },
    {
      "name": "CVE-2009-3800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
    },
    {
      "name": "CVE-2009-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
    },
    {
      "name": "CVE-2009-3797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3797"
    },
    {
      "name": "CVE-2009-3794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
    }
  ],
  "initial_release_date": "2010-01-20T00:00:00",
  "last_revision_date": "2010-01-20T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-022",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-01-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s permettant, entre autre, l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me d\u0027exploitation\nMac OS X d\u0027Apple.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4004 du 19 janvier 2010",
      "url": "http://support.apple.com/kb/HT4004"
    }
  ]
}

CERTA-2009-AVI-541

Vulnerability from certfr_avis - Published: 2009-12-09 - Updated: 2009-12-09

Plusieurs vulnérabilités dans Adobe Flash Player et Adobe Air permettent à une personne malintentionnée d'exécuter du code arbitraire à distance ou de porter atteinte à la confidentialité des données.

Description

Plusieurs vulnérabilités ont été découvertes dans Adobe Flash Player et Adobe Air :

une erreur dans l'interprétation de données au format JPEG permet d'exécuter du code arbitraire à distance (CVE-2009-3794) ;
plusieurs erreurs dans la gestion de la mémoire permettent d'exécuter du code arbitraire à distance (CVE-2009-3796, CVE-2009-37967, CVE-2009-3798, CVE-2009-3799 et CVE-2009-3800) ;
une vulnérabilité dans l'accès au nom d'un fichier local dans un contrôle ActiveX pour les systèmes Windows permet de porter atteinte à la confidentialité de certaines données (CVE-2009-3951).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Adobe	N/A	Adobe Flash Player 10.0.32.18 et les versions précédentes ;
	Adobe	N/A	Adobe AIR 1.5.2 et les versions précédentes.

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB09-19 du 08 décembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player 10.0.32.18 et les versions pr\u00e9c\u00e9dentes ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe AIR 1.5.2 et les versions pr\u00e9c\u00e9dentes.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Adobe Flash Player et\nAdobe Air :\n\n-   une erreur dans l\u0027interpr\u00e9tation de donn\u00e9es au format JPEG permet\n    d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance (CVE-2009-3794) ;\n-   plusieurs erreurs dans la gestion de la m\u00e9moire permettent\n    d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance (CVE-2009-3796,\n    CVE-2009-37967, CVE-2009-3798, CVE-2009-3799 et CVE-2009-3800) ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027acc\u00e8s au nom d\u0027un fichier local dans un\n    contr\u00f4le ActiveX pour les syst\u00e8mes Windows permet de porter atteinte\n    \u00e0 la confidentialit\u00e9 de certaines donn\u00e9es (CVE-2009-3951).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
    },
    {
      "name": "CVE-2009-3796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
    },
    {
      "name": "CVE-2009-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3951"
    },
    {
      "name": "CVE-2009-37967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-37967"
    },
    {
      "name": "CVE-2009-3800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
    },
    {
      "name": "CVE-2009-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
    },
    {
      "name": "CVE-2009-3797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3797"
    },
    {
      "name": "CVE-2009-3794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
    }
  ],
  "initial_release_date": "2009-12-09T00:00:00",
  "last_revision_date": "2009-12-09T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-541",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-12-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Adobe Flash Player et Adobe Air permettent\n\u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance\nou de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player et Adobe Air",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB09-19 du 08 d\u00e9cembre 2009",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    }
  ]
}

GHSA-RXH4-4WMM-564X

Vulnerability from github – Published: 2022-05-02 03:48 – Updated: 2025-04-09 04:17

Details

Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3794"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-12-10T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
  "id": "GHSA-rxh4-4wmm-564x",
  "modified": "2025-04-09T04:17:06Z",
  "published": "2022-05-02T03:48:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54631"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/60885"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37584"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37902"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38241"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023306"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023307"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/508336/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/37199"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3456"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0173"
    },
    {
      "type": "WEB",
      "url": "http://zerodayinitiative.com/advisories/ZDI-09-092"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2009-3794

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.

Aliases

CVE-2009-3794

Aliases

CVE-2009-3794

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-3794",
    "description": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
    "id": "GSD-2009-3794",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-3794.html",
      "https://access.redhat.com/errata/RHSA-2009:1658",
      "https://access.redhat.com/errata/RHSA-2009:1657"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-3794"
      ],
      "details": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
      "id": "GSD-2009-3794",
      "modified": "2023-12-13T01:19:49.720643Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2009-3794",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:8686",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686"
          },
          {
            "name": "RHSA-2009:1657",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
          },
          {
            "name": "1023307",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1023307"
          },
          {
            "name": "http://zerodayinitiative.com/advisories/ZDI-09-092/",
            "refsource": "MISC",
            "url": "http://zerodayinitiative.com/advisories/ZDI-09-092/"
          },
          {
            "name": "flash-air-jpeg-code-execution(54631)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54631"
          },
          {
            "name": "http://support.apple.com/kb/HT4004",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4004"
          },
          {
            "name": "1021716",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
          },
          {
            "name": "60885",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/60885"
          },
          {
            "name": "APPLE-SA-2010-01-19-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
          },
          {
            "name": "ADV-2009-3456",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3456"
          },
          {
            "name": "SUSE-SA:2009:062",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=543857",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
          },
          {
            "name": "37584",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37584"
          },
          {
            "name": "37902",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37902"
          },
          {
            "name": "oval:org.mitre.oval:def:15948",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
          },
          {
            "name": "1023306",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1023306"
          },
          {
            "name": "RHSA-2009:1658",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7465",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465"
          },
          {
            "name": "20091209 ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/508336/100/0/threaded"
          },
          {
            "name": "TA09-343A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
          },
          {
            "name": "38241",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38241"
          },
          {
            "name": "37199",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/37199"
          },
          {
            "name": "ADV-2010-0173",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0173"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.0.32.18",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2009-3794"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA09-343A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
            },
            {
              "name": "RHSA-2009:1657",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
            },
            {
              "name": "1023307",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1023307"
            },
            {
              "name": "1023306",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1023306"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=543857",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
            },
            {
              "name": "ADV-2009-3456",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3456"
            },
            {
              "name": "RHSA-2009:1658",
              "refsource": "REDHAT",
              "tags": [
                "Patch"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
            },
            {
              "name": "37199",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/37199"
            },
            {
              "name": "http://zerodayinitiative.com/advisories/ZDI-09-092/",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "http://zerodayinitiative.com/advisories/ZDI-09-092/"
            },
            {
              "name": "37584",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/37584"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
            },
            {
              "name": "60885",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/60885"
            },
            {
              "name": "SUSE-SA:2009:062",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
            },
            {
              "name": "37902",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37902"
            },
            {
              "name": "http://support.apple.com/kb/HT4004",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4004"
            },
            {
              "name": "APPLE-SA-2010-01-19-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
            },
            {
              "name": "38241",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38241"
            },
            {
              "name": "ADV-2010-0173",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0173"
            },
            {
              "name": "1021716",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
            },
            {
              "name": "flash-air-jpeg-code-execution(54631)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54631"
            },
            {
              "name": "oval:org.mitre.oval:def:8686",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686"
            },
            {
              "name": "oval:org.mitre.oval:def:7465",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465"
            },
            {
              "name": "oval:org.mitre.oval:def:15948",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948"
            },
            {
              "name": "20091209 ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/508336/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2009-12-10T19:30Z"
    }
  }
}

FKIE_CVE-2009-3794

Vulnerability from fkie_nvd - Published: 2009-12-10 19:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.

References

URL	Tags
psirt@adobe.com	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
psirt@adobe.com	http://osvdb.org/60885
psirt@adobe.com	http://secunia.com/advisories/37584	Vendor Advisory
psirt@adobe.com	http://secunia.com/advisories/37902
psirt@adobe.com	http://secunia.com/advisories/38241
psirt@adobe.com	http://securitytracker.com/id?1023306
psirt@adobe.com	http://securitytracker.com/id?1023307
psirt@adobe.com	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
psirt@adobe.com	http://support.apple.com/kb/HT4004
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb09-19.html	Patch, Vendor Advisory
psirt@adobe.com	http://www.redhat.com/support/errata/RHSA-2009-1657.html
psirt@adobe.com	http://www.redhat.com/support/errata/RHSA-2009-1658.html	Patch
psirt@adobe.com	http://www.securityfocus.com/archive/1/508336/100/0/threaded
psirt@adobe.com	http://www.securityfocus.com/bid/37199
psirt@adobe.com	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	US Government Resource
psirt@adobe.com	http://www.vupen.com/english/advisories/2009/3456	Patch, Vendor Advisory
psirt@adobe.com	http://www.vupen.com/english/advisories/2010/0173
psirt@adobe.com	http://zerodayinitiative.com/advisories/ZDI-09-092/	Patch
psirt@adobe.com	https://bugzilla.redhat.com/show_bug.cgi?id=543857
psirt@adobe.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/54631
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/60885
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37584	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37902
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38241
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023306
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023307
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4004
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-19.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1657.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1658.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/508336/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/37199
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3456	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0173
af854a3a-2127-422b-91ae-364da2661108	http://zerodayinitiative.com/advisories/ZDI-09-092/	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=543857
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/54631
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686

Impacted products

Vendor	Product	Version
adobe	adobe_air	*
adobe	adobe_air	1.0
adobe	adobe_air	1.0.1
adobe	adobe_air	1.1
adobe	adobe_air	1.5.1
adobe	flash_player	*
adobe	flash_player	7.0
adobe	flash_player	7.0.1
adobe	flash_player	7.0.25
adobe	flash_player	7.0.63
adobe	flash_player	7.0.69.0
adobe	flash_player	7.0.70.0
adobe	flash_player	7.1
adobe	flash_player	7.1.1
adobe	flash_player	7.2
adobe	flash_player	8
adobe	flash_player	8
adobe	flash_player	8.0
adobe	flash_player	8.0
adobe	flash_player	8.0
adobe	flash_player	8.0.24.0
adobe	flash_player	8.0.34.0
adobe	flash_player	8.0.35.0
adobe	flash_player	8.0.39.0
adobe	flash_player	9.0
adobe	flash_player	9.0.16
adobe	flash_player	9.0.18d60
adobe	flash_player	9.0.20
adobe	flash_player	9.0.20.0
adobe	flash_player	9.0.28
adobe	flash_player	9.0.28.0
adobe	flash_player	9.0.31
adobe	flash_player	9.0.31.0
adobe	flash_player	9.0.45.0
adobe	flash_player	9.0.47.0
adobe	flash_player	9.0.112.0
adobe	flash_player	9.0.114.0
adobe	flash_player	9.0.115.0
adobe	flash_player	9.0.124.0
adobe	flash_player	9.0.155.0
adobe	flash_player	9.0.159.0
adobe	flash_player	9.125.0
adobe	flash_player	10.0.0.584
adobe	flash_player	10.0.12.10
adobe	flash_player	10.0.12.36
adobe	flash_player	10.0.22.87

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A0CABFD-DFD2-4FF1-AC2A-712D9831AE36",
              "versionEndIncluding": "1.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F0F4B8-A8AE-4AF2-8991-36DF5478AC90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F180F403-7032-497F-955B-0CB1D5CA3A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "51905ABB-C598-415F-9B6C-26963129352A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E50A13-564F-4CE7-8335-B99B83AA0B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD1150-4225-46AC-AF3A-A981FF80EB49",
              "versionEndIncluding": "10.0.32.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*",
              "matchCriteriaId": "9D344A18-4D7B-4B9C-8A8D-AE765FCA32C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:*",
              "matchCriteriaId": "1DAAAEA6-ED8F-496B-81B5-E8D3E3176287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*",
              "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*",
              "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A0777F-22C2-4FD5-BE81-8982BE6874D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*",
              "matchCriteriaId": "600DDA9D-6440-48D1-8539-7127398A8678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5D52F86-2E38-4C66-9939-7603367B8D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDD0A103-6D00-4D3D-9570-2DF74B6FE294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33AC4365-576C-487A-89C5-197A26D416C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE848097-01E6-4C9B-9593-282D55CC77D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA646396-7C10-45A0-89A9-C75C5D8AFB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "3555324F-40F8-4BF4-BE5F-52A1E22B3AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file."
    },
    {
      "lang": "es",
      "value": "Desbordamiento del b\u00fafer de la pila en Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de las dimensiones manipuladas de datos JPEG en un fichero SWF."
    }
  ],
  "id": "CVE-2009-3794",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-10T19:30:00.420",
  "references": [
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://osvdb.org/60885"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37584"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://secunia.com/advisories/37902"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://secunia.com/advisories/38241"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://securitytracker.com/id?1023306"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://securitytracker.com/id?1023307"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/archive/1/508336/100/0/threaded"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/bid/37199"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3456"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.vupen.com/english/advisories/2010/0173"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch"
      ],
      "url": "http://zerodayinitiative.com/advisories/ZDI-09-092/"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54631"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/60885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508336/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://zerodayinitiative.com/advisories/ZDI-09-092/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-3794 (GCVE-0-2009-3794)

CERTA-2010-AVI-022

Description

Solution

CERTA-2009-AVI-541

Description

Solution

GHSA-RXH4-4WMM-564X

GSD-2009-3794

FKIE_CVE-2009-3794

Tags

Sightings

Nomenclature