CVE-2009-3794 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Affected Products (NVD)

Vendor	Product	Version
adobe	adobe_air	𝑥 ≤ 1.5.2
adobe	adobe_air	1.0
adobe	adobe_air	1.0.1
adobe	adobe_air	1.1
adobe	adobe_air	1.5.1
adobe	flash_player	𝑥 ≤ 10.0.32.18
adobe	flash_player	7.0
adobe	flash_player	7.0.1
adobe	flash_player	7.0.25
adobe	flash_player	7.0.63
adobe	flash_player	7.0.69.0
adobe	flash_player	7.0.70.0
adobe	flash_player	7.1
adobe	flash_player	7.1.1
adobe	flash_player	7.2
adobe	flash_player	8.0
adobe	flash_player	8.0
adobe	flash_player	8.0
adobe	flash_player	8.0.24.0
adobe	flash_player	8.0.34.0
adobe	flash_player	8.0.35.0
adobe	flash_player	8.0.39.0
adobe	flash_player	9.0
adobe	flash_player	9.0.16
adobe	flash_player	9.0.18d60:d60
adobe	flash_player	9.0.20
adobe	flash_player	9.0.20.0
adobe	flash_player	9.0.28
adobe	flash_player	9.0.28.0
adobe	flash_player	9.0.31
adobe	flash_player	9.0.31.0
adobe	flash_player	9.0.45.0
adobe	flash_player	9.0.47.0
adobe	flash_player	9.0.112.0
adobe	flash_player	9.0.114.0
adobe	flash_player	9.0.115.0
adobe	flash_player	9.0.124.0
adobe	flash_player	9.0.155.0
adobe	flash_player	9.0.159.0
adobe	flash_player	9.125.0
adobe	flash_player	10.0.0.584
adobe	flash_player	10.0.12.10
adobe	flash_player	10.0.12.36
adobe	flash_player	10.0.22.87

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

flashplugin-nonfree

dapper	ignored
hardy	Fixed 0.0.1.218+really9.0.260.0ubuntu1 released
intrepid	Fixed 10.0.42.34ubuntu0.8.10.1 released
jaunty	Fixed 10.0.42.34ubuntu0.9.04.1 released
karmic	Fixed 10.0.42.34ubuntu0.9.10.1 released
lucid	not-affected

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html

http://osvdb.org/60885

http://secunia.com/advisories/37584

http://secunia.com/advisories/37902

http://secunia.com/advisories/38241

http://securitytracker.com/id?1023306

http://securitytracker.com/id?1023307

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1

http://support.apple.com/kb/HT4004

http://www.adobe.com/support/security/bulletins/apsb09-19.html

http://www.redhat.com/support/errata/RHSA-2009-1657.html

http://www.redhat.com/support/errata/RHSA-2009-1658.html

http://www.securityfocus.com/archive/1/508336/100/0/threaded

http://www.securityfocus.com/bid/37199

http://www.us-cert.gov/cas/techalerts/TA09-343A.html

http://www.vupen.com/english/advisories/2009/3456

http://www.vupen.com/english/advisories/2010/0173

http://zerodayinitiative.com/advisories/ZDI-09-092/

https://bugzilla.redhat.com/show_bug.cgi?id=543857

https://exchange.xforce.ibmcloud.com/vulnerabilities/54631

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686

http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html

http://osvdb.org/60885

http://secunia.com/advisories/37584

http://secunia.com/advisories/37902

http://secunia.com/advisories/38241

http://securitytracker.com/id?1023306

http://securitytracker.com/id?1023307

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1

http://support.apple.com/kb/HT4004

http://www.adobe.com/support/security/bulletins/apsb09-19.html

http://www.redhat.com/support/errata/RHSA-2009-1657.html

http://www.redhat.com/support/errata/RHSA-2009-1658.html

http://www.securityfocus.com/archive/1/508336/100/0/threaded

http://www.securityfocus.com/bid/37199

http://www.us-cert.gov/cas/techalerts/TA09-343A.html

http://www.vupen.com/english/advisories/2009/3456

http://www.vupen.com/english/advisories/2010/0173

http://zerodayinitiative.com/advisories/ZDI-09-092/

https://bugzilla.redhat.com/show_bug.cgi?id=543857

https://exchange.xforce.ibmcloud.com/vulnerabilities/54631

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686