Vulnerability-Lookup

CVE-2009-3797 (GCVE-0-2009-3797)

Vulnerability from cvelistv5 – Published: 2009-12-10 19:00 – Updated: 2024-08-07 06:38

Summary

Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.

Severity ?

No CVSS data available.

CWE

Assigner

adobe

References

URL

Tags

	http://www.redhat.com/support/errata/RHSA-2009-16…	vendor-advisoryx_refsource_REDHAT
	http://securitytracker.com/id?1023307	vdb-entryx_refsource_SECTRACK
	http://support.apple.com/kb/HT4004	x_refsource_CONFIRM
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.vupen.com/english/advisories/2009/3456	vdb-entryx_refsource_VUPEN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=543857	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/37584	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/37902	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	http://securitytracker.com/id?1023306	vdb-entryx_refsource_SECTRACK
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	third-party-advisoryx_refsource_CERT
	http://secunia.com/advisories/38241	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/37199	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.vupen.com/english/advisories/2010/0173	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:38:30.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2009:1657",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
          },
          {
            "name": "1023307",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023307"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4004"
          },
          {
            "name": "1021716",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
          },
          {
            "name": "APPLE-SA-2010-01-19-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
          },
          {
            "name": "ADV-2009-3456",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3456"
          },
          {
            "name": "SUSE-SA:2009:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
          },
          {
            "name": "flash-air-corruption-code-execution(54633)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54633"
          },
          {
            "name": "37584",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37584"
          },
          {
            "name": "37902",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37902"
          },
          {
            "name": "oval:org.mitre.oval:def:7140",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7140"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
          },
          {
            "name": "1023306",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023306"
          },
          {
            "name": "oval:org.mitre.oval:def:8350",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8350"
          },
          {
            "name": "TA09-343A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
          },
          {
            "name": "38241",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38241"
          },
          {
            "name": "37199",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37199"
          },
          {
            "name": "oval:org.mitre.oval:def:15795",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15795"
          },
          {
            "name": "ADV-2010-0173",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "RHSA-2009:1657",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
        },
        {
          "name": "1023307",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023307"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4004"
        },
        {
          "name": "1021716",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
        },
        {
          "name": "APPLE-SA-2010-01-19-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
        },
        {
          "name": "ADV-2009-3456",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3456"
        },
        {
          "name": "SUSE-SA:2009:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "name": "flash-air-corruption-code-execution(54633)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54633"
        },
        {
          "name": "37584",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37584"
        },
        {
          "name": "37902",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37902"
        },
        {
          "name": "oval:org.mitre.oval:def:7140",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7140"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
        },
        {
          "name": "1023306",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023306"
        },
        {
          "name": "oval:org.mitre.oval:def:8350",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8350"
        },
        {
          "name": "TA09-343A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
        },
        {
          "name": "38241",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38241"
        },
        {
          "name": "37199",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37199"
        },
        {
          "name": "oval:org.mitre.oval:def:15795",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15795"
        },
        {
          "name": "ADV-2010-0173",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2009-3797",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2009:1657",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
            },
            {
              "name": "1023307",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023307"
            },
            {
              "name": "http://support.apple.com/kb/HT4004",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4004"
            },
            {
              "name": "1021716",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
            },
            {
              "name": "APPLE-SA-2010-01-19-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
            },
            {
              "name": "ADV-2009-3456",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3456"
            },
            {
              "name": "SUSE-SA:2009:062",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=543857",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
            },
            {
              "name": "flash-air-corruption-code-execution(54633)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54633"
            },
            {
              "name": "37584",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37584"
            },
            {
              "name": "37902",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37902"
            },
            {
              "name": "oval:org.mitre.oval:def:7140",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7140"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
            },
            {
              "name": "1023306",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023306"
            },
            {
              "name": "oval:org.mitre.oval:def:8350",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8350"
            },
            {
              "name": "TA09-343A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
            },
            {
              "name": "38241",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38241"
            },
            {
              "name": "37199",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37199"
            },
            {
              "name": "oval:org.mitre.oval:def:15795",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15795"
            },
            {
              "name": "ADV-2010-0173",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2009-3797",
    "datePublished": "2009-12-10T19:00:00.000Z",
    "dateReserved": "2009-10-26T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:38:30.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-022

Vulnerability from certfr_avis - Published: 2010-01-20 - Updated: 2010-01-20

De multiples vulnérabilités permettant, entre autre, l'exécution de code arbitraire à distance ont été découvertes dans le système d'exploitation Mac OS X d'Apple.

Description

De multiples vulnérabilités concernant les composants suivants ont été corrigées :

CoreAudio ;
CUPS ;
Flash Player plug-in ;
ImageIO ;
Image RAW ;
OpenSSL.

Elles permettent, entre autre, l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Mac OS X Server version 10.5.8 et antérieures ;
Apple	N/A	Mac OS X Server version 10.6.2 et antérieures.
Apple	N/A	Mac OS X version 10.5.8 et antérieures ;
Apple	N/A	Mac OS X version 10.6.2 et antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4004 du 19 janvier 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server version 10.5.8 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server version 10.6.2 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.5.8 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.6.2 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s concernant les composants suivants ont \u00e9t\u00e9\ncorrig\u00e9es :\n\n-   CoreAudio ;\n-   CUPS ;\n-   Flash Player plug-in ;\n-   ImageIO ;\n-   Image RAW ;\n-   OpenSSL.\n\nElles permettent, entre autre, l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
    },
    {
      "name": "CVE-2009-3796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
    },
    {
      "name": "CVE-2009-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3951"
    },
    {
      "name": "CVE-2010-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0037"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2010-0036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0036"
    },
    {
      "name": "CVE-2009-3553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3553"
    },
    {
      "name": "CVE-2009-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2285"
    },
    {
      "name": "CVE-2009-3800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
    },
    {
      "name": "CVE-2009-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
    },
    {
      "name": "CVE-2009-3797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3797"
    },
    {
      "name": "CVE-2009-3794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
    }
  ],
  "initial_release_date": "2010-01-20T00:00:00",
  "last_revision_date": "2010-01-20T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-022",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-01-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s permettant, entre autre, l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me d\u0027exploitation\nMac OS X d\u0027Apple.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4004 du 19 janvier 2010",
      "url": "http://support.apple.com/kb/HT4004"
    }
  ]
}

CERTA-2009-AVI-541

Vulnerability from certfr_avis - Published: 2009-12-09 - Updated: 2009-12-09

Plusieurs vulnérabilités dans Adobe Flash Player et Adobe Air permettent à une personne malintentionnée d'exécuter du code arbitraire à distance ou de porter atteinte à la confidentialité des données.

Description

Plusieurs vulnérabilités ont été découvertes dans Adobe Flash Player et Adobe Air :

une erreur dans l'interprétation de données au format JPEG permet d'exécuter du code arbitraire à distance (CVE-2009-3794) ;
plusieurs erreurs dans la gestion de la mémoire permettent d'exécuter du code arbitraire à distance (CVE-2009-3796, CVE-2009-37967, CVE-2009-3798, CVE-2009-3799 et CVE-2009-3800) ;
une vulnérabilité dans l'accès au nom d'un fichier local dans un contrôle ActiveX pour les systèmes Windows permet de porter atteinte à la confidentialité de certaines données (CVE-2009-3951).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Adobe	N/A	Adobe Flash Player 10.0.32.18 et les versions précédentes ;
	Adobe	N/A	Adobe AIR 1.5.2 et les versions précédentes.

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB09-19 du 08 décembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player 10.0.32.18 et les versions pr\u00e9c\u00e9dentes ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe AIR 1.5.2 et les versions pr\u00e9c\u00e9dentes.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Adobe Flash Player et\nAdobe Air :\n\n-   une erreur dans l\u0027interpr\u00e9tation de donn\u00e9es au format JPEG permet\n    d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance (CVE-2009-3794) ;\n-   plusieurs erreurs dans la gestion de la m\u00e9moire permettent\n    d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance (CVE-2009-3796,\n    CVE-2009-37967, CVE-2009-3798, CVE-2009-3799 et CVE-2009-3800) ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027acc\u00e8s au nom d\u0027un fichier local dans un\n    contr\u00f4le ActiveX pour les syst\u00e8mes Windows permet de porter atteinte\n    \u00e0 la confidentialit\u00e9 de certaines donn\u00e9es (CVE-2009-3951).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
    },
    {
      "name": "CVE-2009-3796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
    },
    {
      "name": "CVE-2009-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3951"
    },
    {
      "name": "CVE-2009-37967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-37967"
    },
    {
      "name": "CVE-2009-3800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
    },
    {
      "name": "CVE-2009-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
    },
    {
      "name": "CVE-2009-3797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3797"
    },
    {
      "name": "CVE-2009-3794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
    }
  ],
  "initial_release_date": "2009-12-09T00:00:00",
  "last_revision_date": "2009-12-09T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-541",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-12-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Adobe Flash Player et Adobe Air permettent\n\u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance\nou de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player et Adobe Air",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB09-19 du 08 d\u00e9cembre 2009",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    }
  ]
}

GSD-2009-3797

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.

Aliases

CVE-2009-3797

Aliases

CVE-2009-3797

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-3797",
    "description": "Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
    "id": "GSD-2009-3797",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-3797.html",
      "https://access.redhat.com/errata/RHSA-2009:1657"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-3797"
      ],
      "details": "Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
      "id": "GSD-2009-3797",
      "modified": "2023-12-13T01:19:49.082267Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2009-3797",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2009:1657",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
          },
          {
            "name": "1023307",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1023307"
          },
          {
            "name": "http://support.apple.com/kb/HT4004",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4004"
          },
          {
            "name": "1021716",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
          },
          {
            "name": "APPLE-SA-2010-01-19-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
          },
          {
            "name": "ADV-2009-3456",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3456"
          },
          {
            "name": "SUSE-SA:2009:062",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=543857",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
          },
          {
            "name": "flash-air-corruption-code-execution(54633)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54633"
          },
          {
            "name": "37584",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37584"
          },
          {
            "name": "37902",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37902"
          },
          {
            "name": "oval:org.mitre.oval:def:7140",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7140"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
          },
          {
            "name": "1023306",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1023306"
          },
          {
            "name": "oval:org.mitre.oval:def:8350",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8350"
          },
          {
            "name": "TA09-343A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
          },
          {
            "name": "38241",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38241"
          },
          {
            "name": "37199",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/37199"
          },
          {
            "name": "oval:org.mitre.oval:def:15795",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15795"
          },
          {
            "name": "ADV-2010-0173",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0173"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2009-3797"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
            },
            {
              "name": "ADV-2009-3456",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3456"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=543857",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
            },
            {
              "name": "TA09-343A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
            },
            {
              "name": "37584",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/37584"
            },
            {
              "name": "RHSA-2009:1657",
              "refsource": "REDHAT",
              "tags": [
                "Patch"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
            },
            {
              "name": "1023306",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1023306"
            },
            {
              "name": "1023307",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1023307"
            },
            {
              "name": "37199",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/37199"
            },
            {
              "name": "SUSE-SA:2009:062",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
            },
            {
              "name": "37902",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37902"
            },
            {
              "name": "APPLE-SA-2010-01-19-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4004",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4004"
            },
            {
              "name": "ADV-2010-0173",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0173"
            },
            {
              "name": "38241",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38241"
            },
            {
              "name": "1021716",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
            },
            {
              "name": "flash-air-corruption-code-execution(54633)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54633"
            },
            {
              "name": "oval:org.mitre.oval:def:8350",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8350"
            },
            {
              "name": "oval:org.mitre.oval:def:7140",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7140"
            },
            {
              "name": "oval:org.mitre.oval:def:15795",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15795"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-19T01:29Z",
      "publishedDate": "2009-12-10T19:30Z"
    }
  }
}

GHSA-8V55-2H3G-6WVR

Vulnerability from github – Published: 2022-05-02 03:48 – Updated: 2022-05-02 03:48

Details

Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3797"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-12-10T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
  "id": "GHSA-8v55-2h3g-6wvr",
  "modified": "2022-05-02T03:48:33Z",
  "published": "2022-05-02T03:48:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3797"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54633"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15795"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7140"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8350"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37584"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37902"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38241"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023306"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023307"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/37199"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3456"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0173"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2009-3797

Vulnerability from fkie_nvd - Published: 2009-12-10 19:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.

References

URL	Tags
psirt@adobe.com	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
psirt@adobe.com	http://secunia.com/advisories/37584	Vendor Advisory
psirt@adobe.com	http://secunia.com/advisories/37902
psirt@adobe.com	http://secunia.com/advisories/38241
psirt@adobe.com	http://securitytracker.com/id?1023306	Patch
psirt@adobe.com	http://securitytracker.com/id?1023307	Patch
psirt@adobe.com	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
psirt@adobe.com	http://support.apple.com/kb/HT4004
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb09-19.html	Patch, Vendor Advisory
psirt@adobe.com	http://www.redhat.com/support/errata/RHSA-2009-1657.html	Patch
psirt@adobe.com	http://www.securityfocus.com/bid/37199
psirt@adobe.com	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	US Government Resource
psirt@adobe.com	http://www.vupen.com/english/advisories/2009/3456	Patch, Vendor Advisory
psirt@adobe.com	http://www.vupen.com/english/advisories/2010/0173
psirt@adobe.com	https://bugzilla.redhat.com/show_bug.cgi?id=543857	Patch
psirt@adobe.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/54633
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15795
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7140
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8350
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37584	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37902
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38241
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023306	Patch
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023307	Patch
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4004
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-19.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1657.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/37199
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3456	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0173
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=543857	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/54633
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15795
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7140
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8350

Impacted products

Vendor	Product	Version
adobe	adobe_air	*
adobe	adobe_air	1.0
adobe	adobe_air	1.0.1
adobe	adobe_air	1.1
adobe	adobe_air	1.5.1
adobe	flash_player	10.0.0.584
adobe	flash_player	10.0.12.10
adobe	flash_player	10.0.12.36
adobe	flash_player	10.0.22.87
adobe	flash_player	10.0.32.18

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A0CABFD-DFD2-4FF1-AC2A-712D9831AE36",
              "versionEndIncluding": "1.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F0F4B8-A8AE-4AF2-8991-36DF5478AC90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F180F403-7032-497F-955B-0CB1D5CA3A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "51905ABB-C598-415F-9B6C-26963129352A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E50A13-564F-4CE7-8335-B99B83AA0B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA646396-7C10-45A0-89A9-C75C5D8AFB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "3555324F-40F8-4BF4-BE5F-52A1E22B3AFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "60540FDE-8C31-4679-A85E-614B1EFE1FF0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption."
    },
    {
      "lang": "es",
      "value": "Adobe Flash Player v10.x anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 podr\u00eda permitir a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores que inicia una corrupci\u00f3n de memoria."
    }
  ],
  "id": "CVE-2009-3797",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-10T19:30:00.500",
  "references": [
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37584"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://secunia.com/advisories/37902"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://secunia.com/advisories/38241"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1023306"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1023307"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/bid/37199"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3456"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.vupen.com/english/advisories/2010/0173"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54633"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15795"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7140"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8350"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1023306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1023307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54633"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8350"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-3797 (GCVE-0-2009-3797)

CERTA-2010-AVI-022

Description

Solution

CERTA-2009-AVI-541

Description

Solution

GSD-2009-3797

GHSA-8V55-2H3G-6WVR

FKIE_CVE-2009-3797

Tags

Sightings

Nomenclature