CVE-2009-3796 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C
adobe	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Vendor	Product	Version
adobe	adobe_air	𝑥 ≤ 1.5.2
adobe	adobe_air	1.0
adobe	adobe_air	1.0.1
adobe	adobe_air	1.1
adobe	adobe_air	1.5.1
adobe	flash_player	𝑥 ≤ 10.0.32.18
adobe	flash_player	7.0
adobe	flash_player	7.0.1
adobe	flash_player	7.0.25
adobe	flash_player	7.0.63
adobe	flash_player	7.0.69.0
adobe	flash_player	7.0.70.0
adobe	flash_player	7.1
adobe	flash_player	7.1.1
adobe	flash_player	7.2
adobe	flash_player	8.0
adobe	flash_player	8.0
adobe	flash_player	8.0
adobe	flash_player	8.0.24.0
adobe	flash_player	8.0.34.0
adobe	flash_player	8.0.35.0
adobe	flash_player	8.0.39.0
adobe	flash_player	9.0
adobe	flash_player	9.0.16
adobe	flash_player	9.0.18d60:d60
adobe	flash_player	9.0.20
adobe	flash_player	9.0.20.0
adobe	flash_player	9.0.28
adobe	flash_player	9.0.28.0
adobe	flash_player	9.0.31
adobe	flash_player	9.0.31.0
adobe	flash_player	9.0.45.0
adobe	flash_player	9.0.47.0
adobe	flash_player	9.0.112.0
adobe	flash_player	9.0.114.0
adobe	flash_player	9.0.115.0
adobe	flash_player	9.0.124.0
adobe	flash_player	9.0.155.0
adobe	flash_player	9.0.159.0
adobe	flash_player	9.125.0
adobe	flash_player	10.0.0.584
adobe	flash_player	10.0.12.10
adobe	flash_player	10.0.12.36
adobe	flash_player	10.0.22.87

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

flashplugin-nonfree

lucid	not-affected
karmic	Fixed 10.0.42.34ubuntu0.9.10.1 released
jaunty	Fixed 10.0.42.34ubuntu0.9.04.1 released
intrepid	Fixed 10.0.42.34ubuntu0.8.10.1 released
hardy	Fixed 0.0.1.218+really9.0.260.0ubuntu1 released
dapper	ignored

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html

http://osvdb.org/60886

http://secunia.com/advisories/37584

http://secunia.com/advisories/37902

http://secunia.com/advisories/38241

http://securitytracker.com/id?1023306

http://securitytracker.com/id?1023307

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1

http://support.apple.com/kb/HT4004

http://www.adobe.com/support/security/bulletins/apsb09-19.html

http://www.redhat.com/support/errata/RHSA-2009-1657.html

http://www.redhat.com/support/errata/RHSA-2009-1658.html

http://www.securityfocus.com/bid/37199

http://www.us-cert.gov/cas/techalerts/TA09-343A.html

http://www.vupen.com/english/advisories/2009/3456

http://www.vupen.com/english/advisories/2010/0173

https://bugzilla.redhat.com/show_bug.cgi?id=543857

https://exchange.xforce.ibmcloud.com/vulnerabilities/54632

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16216

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7460

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7763

http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html

http://osvdb.org/60886

http://secunia.com/advisories/37584

http://secunia.com/advisories/37902

http://secunia.com/advisories/38241

http://securitytracker.com/id?1023306

http://securitytracker.com/id?1023307

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1

http://support.apple.com/kb/HT4004

http://www.adobe.com/support/security/bulletins/apsb09-19.html

http://www.redhat.com/support/errata/RHSA-2009-1657.html

http://www.redhat.com/support/errata/RHSA-2009-1658.html

http://www.securityfocus.com/bid/37199

http://www.us-cert.gov/cas/techalerts/TA09-343A.html

http://www.vupen.com/english/advisories/2009/3456

http://www.vupen.com/english/advisories/2010/0173

https://bugzilla.redhat.com/show_bug.cgi?id=543857

https://exchange.xforce.ibmcloud.com/vulnerabilities/54632

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16216

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7460

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7763