Vulnerability-Lookup

CVE-2009-3951 (GCVE-0-2009-3951)

Vulnerability from cvelistv5 – Published: 2009-12-10 19:00 – Updated: 2024-08-07 06:45

Summary

Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.

Severity ?

No CVSS data available.

CWE

Assigner

adobe

References

URL

Tags

	http://securitytracker.com/id?1023307	vdb-entryx_refsource_SECTRACK
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://support.apple.com/kb/HT4004	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.vupen.com/english/advisories/2009/3456	vdb-entryx_refsource_VUPEN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/37584	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/37902	third-party-advisoryx_refsource_SECUNIA
	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	http://osvdb.org/60891	vdb-entryx_refsource_OSVDB
	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	third-party-advisoryx_refsource_CERT
	http://secunia.com/advisories/38241	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/37199	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2010/0173	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:50.905Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1023307",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023307"
          },
          {
            "name": "oval:org.mitre.oval:def:6663",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6663"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4004"
          },
          {
            "name": "APPLE-SA-2010-01-19-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
          },
          {
            "name": "ADV-2009-3456",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3456"
          },
          {
            "name": "SUSE-SA:2009:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
          },
          {
            "name": "37584",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37584"
          },
          {
            "name": "37902",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37902"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
          },
          {
            "name": "60891",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/60891"
          },
          {
            "name": "TA09-343A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
          },
          {
            "name": "38241",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38241"
          },
          {
            "name": "flash-activex-information-disclosure(54637)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54637"
          },
          {
            "name": "37199",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37199"
          },
          {
            "name": "ADV-2010-0173",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "1023307",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023307"
        },
        {
          "name": "oval:org.mitre.oval:def:6663",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6663"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4004"
        },
        {
          "name": "APPLE-SA-2010-01-19-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
        },
        {
          "name": "ADV-2009-3456",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3456"
        },
        {
          "name": "SUSE-SA:2009:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
        },
        {
          "name": "37584",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37584"
        },
        {
          "name": "37902",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37902"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
        },
        {
          "name": "60891",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/60891"
        },
        {
          "name": "TA09-343A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
        },
        {
          "name": "38241",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38241"
        },
        {
          "name": "flash-activex-information-disclosure(54637)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54637"
        },
        {
          "name": "37199",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37199"
        },
        {
          "name": "ADV-2010-0173",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2009-3951",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1023307",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023307"
            },
            {
              "name": "oval:org.mitre.oval:def:6663",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6663"
            },
            {
              "name": "http://support.apple.com/kb/HT4004",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4004"
            },
            {
              "name": "APPLE-SA-2010-01-19-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
            },
            {
              "name": "ADV-2009-3456",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3456"
            },
            {
              "name": "SUSE-SA:2009:062",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
            },
            {
              "name": "37584",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37584"
            },
            {
              "name": "37902",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37902"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
            },
            {
              "name": "60891",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/60891"
            },
            {
              "name": "TA09-343A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
            },
            {
              "name": "38241",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38241"
            },
            {
              "name": "flash-activex-information-disclosure(54637)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54637"
            },
            {
              "name": "37199",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37199"
            },
            {
              "name": "ADV-2010-0173",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2009-3951",
    "datePublished": "2009-12-10T19:00:00.000Z",
    "dateReserved": "2009-11-16T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:45:50.905Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-022

Vulnerability from certfr_avis - Published: 2010-01-20 - Updated: 2010-01-20

De multiples vulnérabilités permettant, entre autre, l'exécution de code arbitraire à distance ont été découvertes dans le système d'exploitation Mac OS X d'Apple.

Description

De multiples vulnérabilités concernant les composants suivants ont été corrigées :

CoreAudio ;
CUPS ;
Flash Player plug-in ;
ImageIO ;
Image RAW ;
OpenSSL.

Elles permettent, entre autre, l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Mac OS X Server version 10.5.8 et antérieures ;
Apple	N/A	Mac OS X Server version 10.6.2 et antérieures.
Apple	N/A	Mac OS X version 10.5.8 et antérieures ;
Apple	N/A	Mac OS X version 10.6.2 et antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4004 du 19 janvier 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server version 10.5.8 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server version 10.6.2 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.5.8 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.6.2 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s concernant les composants suivants ont \u00e9t\u00e9\ncorrig\u00e9es :\n\n-   CoreAudio ;\n-   CUPS ;\n-   Flash Player plug-in ;\n-   ImageIO ;\n-   Image RAW ;\n-   OpenSSL.\n\nElles permettent, entre autre, l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
    },
    {
      "name": "CVE-2009-3796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
    },
    {
      "name": "CVE-2009-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3951"
    },
    {
      "name": "CVE-2010-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0037"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2010-0036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0036"
    },
    {
      "name": "CVE-2009-3553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3553"
    },
    {
      "name": "CVE-2009-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2285"
    },
    {
      "name": "CVE-2009-3800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
    },
    {
      "name": "CVE-2009-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
    },
    {
      "name": "CVE-2009-3797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3797"
    },
    {
      "name": "CVE-2009-3794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
    }
  ],
  "initial_release_date": "2010-01-20T00:00:00",
  "last_revision_date": "2010-01-20T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-022",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-01-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s permettant, entre autre, l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me d\u0027exploitation\nMac OS X d\u0027Apple.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4004 du 19 janvier 2010",
      "url": "http://support.apple.com/kb/HT4004"
    }
  ]
}

CERTA-2009-AVI-541

Vulnerability from certfr_avis - Published: 2009-12-09 - Updated: 2009-12-09

Plusieurs vulnérabilités dans Adobe Flash Player et Adobe Air permettent à une personne malintentionnée d'exécuter du code arbitraire à distance ou de porter atteinte à la confidentialité des données.

Description

Plusieurs vulnérabilités ont été découvertes dans Adobe Flash Player et Adobe Air :

une erreur dans l'interprétation de données au format JPEG permet d'exécuter du code arbitraire à distance (CVE-2009-3794) ;
plusieurs erreurs dans la gestion de la mémoire permettent d'exécuter du code arbitraire à distance (CVE-2009-3796, CVE-2009-37967, CVE-2009-3798, CVE-2009-3799 et CVE-2009-3800) ;
une vulnérabilité dans l'accès au nom d'un fichier local dans un contrôle ActiveX pour les systèmes Windows permet de porter atteinte à la confidentialité de certaines données (CVE-2009-3951).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Adobe	N/A	Adobe Flash Player 10.0.32.18 et les versions précédentes ;
	Adobe	N/A	Adobe AIR 1.5.2 et les versions précédentes.

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB09-19 du 08 décembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player 10.0.32.18 et les versions pr\u00e9c\u00e9dentes ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe AIR 1.5.2 et les versions pr\u00e9c\u00e9dentes.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Adobe Flash Player et\nAdobe Air :\n\n-   une erreur dans l\u0027interpr\u00e9tation de donn\u00e9es au format JPEG permet\n    d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance (CVE-2009-3794) ;\n-   plusieurs erreurs dans la gestion de la m\u00e9moire permettent\n    d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance (CVE-2009-3796,\n    CVE-2009-37967, CVE-2009-3798, CVE-2009-3799 et CVE-2009-3800) ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027acc\u00e8s au nom d\u0027un fichier local dans un\n    contr\u00f4le ActiveX pour les syst\u00e8mes Windows permet de porter atteinte\n    \u00e0 la confidentialit\u00e9 de certaines donn\u00e9es (CVE-2009-3951).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
    },
    {
      "name": "CVE-2009-3796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
    },
    {
      "name": "CVE-2009-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3951"
    },
    {
      "name": "CVE-2009-37967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-37967"
    },
    {
      "name": "CVE-2009-3800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
    },
    {
      "name": "CVE-2009-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
    },
    {
      "name": "CVE-2009-3797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3797"
    },
    {
      "name": "CVE-2009-3794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
    }
  ],
  "initial_release_date": "2009-12-09T00:00:00",
  "last_revision_date": "2009-12-09T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-541",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-12-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Adobe Flash Player et Adobe Air permettent\n\u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance\nou de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player et Adobe Air",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB09-19 du 08 d\u00e9cembre 2009",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    }
  ]
}

FKIE_CVE-2009-3951

Vulnerability from fkie_nvd - Published: 2009-12-10 19:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
psirt@adobe.com	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
psirt@adobe.com	http://osvdb.org/60891
psirt@adobe.com	http://secunia.com/advisories/37584	Vendor Advisory
psirt@adobe.com	http://secunia.com/advisories/37902
psirt@adobe.com	http://secunia.com/advisories/38241
psirt@adobe.com	http://securitytracker.com/id?1023307	Patch
psirt@adobe.com	http://support.apple.com/kb/HT4004
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb09-19.html	Patch, Vendor Advisory
psirt@adobe.com	http://www.securityfocus.com/bid/37199
psirt@adobe.com	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	US Government Resource
psirt@adobe.com	http://www.vupen.com/english/advisories/2009/3456	Patch, Vendor Advisory
psirt@adobe.com	http://www.vupen.com/english/advisories/2010/0173
psirt@adobe.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/54637
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6663
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/60891
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37584	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37902
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38241
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023307	Patch
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4004
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-19.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/37199
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3456	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0173
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/54637
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6663

Impacted products

Vendor	Product	Version
microsoft	windows	*
adobe	adobe_air	*
adobe	adobe_air	1.0
adobe	adobe_air	1.0.1
adobe	adobe_air	1.1
adobe	adobe_air	1.5.1
adobe	flash_player	*
adobe	flash_player	7.0
adobe	flash_player	7.0.1
adobe	flash_player	7.0.25
adobe	flash_player	7.0.63
adobe	flash_player	7.0.69.0
adobe	flash_player	7.0.70.0
adobe	flash_player	7.1
adobe	flash_player	7.1.1
adobe	flash_player	7.2
adobe	flash_player	8
adobe	flash_player	8
adobe	flash_player	8.0
adobe	flash_player	8.0
adobe	flash_player	8.0
adobe	flash_player	8.0.24.0
adobe	flash_player	8.0.34.0
adobe	flash_player	8.0.35.0
adobe	flash_player	8.0.39.0
adobe	flash_player	9.0
adobe	flash_player	9.0.16
adobe	flash_player	9.0.18d60
adobe	flash_player	9.0.20
adobe	flash_player	9.0.20.0
adobe	flash_player	9.0.28
adobe	flash_player	9.0.28.0
adobe	flash_player	9.0.31
adobe	flash_player	9.0.31.0
adobe	flash_player	9.0.45.0
adobe	flash_player	9.0.47.0
adobe	flash_player	9.0.48.0
adobe	flash_player	9.0.112.0
adobe	flash_player	9.0.114.0
adobe	flash_player	9.0.115.0
adobe	flash_player	9.0.124.0
adobe	flash_player	9.0.155.0
adobe	flash_player	9.0.159.0
adobe	flash_player	9.125.0
adobe	flash_player	10.0.0.584
adobe	flash_player	10.0.12.10
adobe	flash_player	10.0.12.36
adobe	flash_player	10.0.22.87

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A0CABFD-DFD2-4FF1-AC2A-712D9831AE36",
              "versionEndIncluding": "1.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F0F4B8-A8AE-4AF2-8991-36DF5478AC90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F180F403-7032-497F-955B-0CB1D5CA3A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "51905ABB-C598-415F-9B6C-26963129352A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E50A13-564F-4CE7-8335-B99B83AA0B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD1150-4225-46AC-AF3A-A981FF80EB49",
              "versionEndIncluding": "10.0.32.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*",
              "matchCriteriaId": "9D344A18-4D7B-4B9C-8A8D-AE765FCA32C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:*",
              "matchCriteriaId": "1DAAAEA6-ED8F-496B-81B5-E8D3E3176287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*",
              "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*",
              "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A0777F-22C2-4FD5-BE81-8982BE6874D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*",
              "matchCriteriaId": "600DDA9D-6440-48D1-8539-7127398A8678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5D52F86-2E38-4C66-9939-7603367B8D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDD0A103-6D00-4D3D-9570-2DF74B6FE294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33AC4365-576C-487A-89C5-197A26D416C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE848097-01E6-4C9B-9593-282D55CC77D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA646396-7C10-45A0-89A9-C75C5D8AFB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "3555324F-40F8-4BF4-BE5F-52A1E22B3AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en el control ActiveX de Flash Player en Adobe Flash Player en versiones anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 en Windows permite a atacantes remotos obtener los nombres de ficheros locales a trav\u00e9s de vectores desconocidos. NOTA: Esta vulnerabilidad se produce debido a un arreglo incompleto de CVE-2009-4820."
    }
  ],
  "id": "CVE-2009-3951",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-10T19:30:00.627",
  "references": [
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://osvdb.org/60891"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37584"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://secunia.com/advisories/37902"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://secunia.com/advisories/38241"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1023307"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/bid/37199"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3456"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.vupen.com/english/advisories/2010/0173"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54637"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/60891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1023307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6663"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2009-3951

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-3951

Aliases

CVE-2009-3951

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-3951",
    "description": "Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.",
    "id": "GSD-2009-3951",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-3951.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-3951"
      ],
      "details": "Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.",
      "id": "GSD-2009-3951",
      "modified": "2023-12-13T01:19:49.464631Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2009-3951",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1023307",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1023307"
          },
          {
            "name": "oval:org.mitre.oval:def:6663",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6663"
          },
          {
            "name": "http://support.apple.com/kb/HT4004",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4004"
          },
          {
            "name": "APPLE-SA-2010-01-19-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
          },
          {
            "name": "ADV-2009-3456",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3456"
          },
          {
            "name": "SUSE-SA:2009:062",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
          },
          {
            "name": "37584",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37584"
          },
          {
            "name": "37902",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37902"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
          },
          {
            "name": "60891",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/60891"
          },
          {
            "name": "TA09-343A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
          },
          {
            "name": "38241",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38241"
          },
          {
            "name": "flash-activex-information-disclosure(54637)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54637"
          },
          {
            "name": "37199",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/37199"
          },
          {
            "name": "ADV-2010-0173",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0173"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.5.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.0.32.18",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2009-3951"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37199",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/37199"
            },
            {
              "name": "1023307",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1023307"
            },
            {
              "name": "37584",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/37584"
            },
            {
              "name": "ADV-2009-3456",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3456"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
            },
            {
              "name": "TA09-343A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
            },
            {
              "name": "60891",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/60891"
            },
            {
              "name": "SUSE-SA:2009:062",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
            },
            {
              "name": "37902",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37902"
            },
            {
              "name": "APPLE-SA-2010-01-19-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4004",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4004"
            },
            {
              "name": "38241",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38241"
            },
            {
              "name": "ADV-2010-0173",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0173"
            },
            {
              "name": "flash-activex-information-disclosure(54637)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54637"
            },
            {
              "name": "oval:org.mitre.oval:def:6663",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6663"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2009-12-10T19:30Z"
    }
  }
}

GHSA-JW8F-J76P-RV4J

Vulnerability from github – Published: 2022-05-02 03:50 – Updated: 2022-05-02 03:50

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3951"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-12-10T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.",
  "id": "GHSA-jw8f-j76p-rv4j",
  "modified": "2022-05-02T03:50:10Z",
  "published": "2022-05-02T03:50:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3951"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54637"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6663"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/60891"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37584"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37902"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38241"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023307"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/37199"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3456"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0173"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-3951 (GCVE-0-2009-3951)

CERTA-2010-AVI-022

Description

Solution

CERTA-2009-AVI-541

Description

Solution

FKIE_CVE-2009-3951

GSD-2009-3951

GHSA-JW8F-J76P-RV4J

Tags

Sightings

Nomenclature