CVE-2009-0114

Executive Summary

Informations
Name	CVE-2009-0114	First vendor Publication	2009-02-26
Vendor	Cve	Last vendor Modification	2010-08-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Cvss Base Score	5.8	Attack Range	Network
Cvss Impact Score	4.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0114

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6662

Oval ID:	oval:org.mitre.oval:def:6662
Title:	Adobe Flash Player Settings Manager May Let Remote Users Conduct Clickjacking Attacks
Description:	Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-0114	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Flash Player
Definition Synopsis:
Adobe Flash Player is installed AND Adobe Flash Player version installed on the system is less than 9.0.159.0 OR Adobe Flash Player version installed on the system is greater than or equal to 10.0 AND Adobe Flash Player version installed on the system is less than 10.0.22.87

Definition Id: oval:org.mitre.oval:def:16419

Oval ID:	oval:org.mitre.oval:def:16419
Title:	Adobe Flash Player Settings Manager May Let Remote Users Conduct Clickjacking Attacks
Description:	Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant."
Family:	macos	Class:	vulnerability
Reference(s):	CVE-2009-0114	Version:	3
Platform(s):	Apple Mac OS X	Product(s):	Adobe Flash Player
Definition Synopsis:
Adobe Flash Player is Installed AND Flash version is before 9.0.159.0 or 10.x before 10.0.22.87 Version of Adobe Flash Player is less than 9.0.159.0 OR Adobe Flash Player 10.x before 10.0.22.87 installed Adobe Flash Player 10 is Installed AND Version of Adobe Flash Player is less than 10.0.22.87

CPE : Common Platform Enumeration

Type	Description	Count
Application	Adobe Air cpe:/a:adobe:air:1.5	1
Application	Adobe Flash Player cpe:/a:adobe:flash_player:10.0.12.36 cpe:/a:adobe:flash_player:10.0.12.10 cpe:/a:adobe:flash_player:10.0.0.584 cpe:/a:adobe:flash_player:9.0.48.0 cpe:/a:adobe:flash_player:9.0.47.0 cpe:/a:adobe:flash_player:9.0.45.0 cpe:/a:adobe:flash_player:9.0.31.0 cpe:/a:adobe:flash_player:9.0.28.0 cpe:/a:adobe:flash_player:9.0.28 cpe:/a:adobe:flash_player:9.0.20.0 cpe:/a:adobe:flash_player:9.0.20 cpe:/a:adobe:flash_player:9.0.16 cpe:/a:adobe:flash_player:9.0.124.0 cpe:/a:adobe:flash_player:9.0.115.0 cpe:/a:adobe:flash_player:9.0.114.0 cpe:/a:adobe:flash_player:9.0.112.0 cpe:/a:adobe:flash_player:8.0.39.0 cpe:/a:adobe:flash_player:8.0.35.0 cpe:/a:adobe:flash_player:8.0.34.0 cpe:/a:adobe:flash_player:8.0.24.0 cpe:/a:adobe:flash_player:8.0::basic cpe:/a:adobe:flash_player:8.0 cpe:/a:adobe:flash_player:8.0::pro cpe:/a:adobe:flash_player:7.2 cpe:/a:adobe:flash_player:7.1.1 cpe:/a:adobe:flash_player:7.1 cpe:/a:adobe:flash_player:7.0.70.0 cpe:/a:adobe:flash_player:7.0.69.0 cpe:/a:adobe:flash_player:7.0.63 cpe:/a:adobe:flash_player:7.0.63::linux cpe:/a:adobe:flash_player:7.0.25 cpe:/a:adobe:flash_player:7.0.1 cpe:/a:adobe:flash_player:7.0 cpe:/a:adobe:flash_player:cs4::pro cpe:/a:adobe:flash_player:cs3::pro	35
Application	Adobe Flash Player For Linux cpe:/a:adobe:flash_player_for_linux:10.0.15.3	1
Application	Adobe Flex cpe:/a:adobe:flex:3.0	1

Open Source Vulnerability Database (OSVDB)

id	Description
52749	Adobe Flash Player Settings Manager Unspecified Clickjacking

Internal Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
CERT	http://www.us-cert.gov/cas/techalerts/TA09-133A.html
CONFIRM	http://support.apple.com/kb/HT3549 http://www.adobe.com/support/security/bulletins/apsb09-01.html
GENTOO	http://security.gentoo.org/glsa/glsa-200903-23.xml
MISC	http://isc.sans.org/diary.html?storyid=5929
SECTRACK	http://securitytracker.com/id?1021751
SECUNIA	http://secunia.com/advisories/34226 http://secunia.com/advisories/34293 http://secunia.com/advisories/35074
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1
VUPEN	http://www.vupen.com/english/advisories/2009/0513 http://www.vupen.com/english/advisories/2009/0743 http://www.vupen.com/english/advisories/2009/1297
XF	http://xforce.iss.net/xforce/xfdb/48902

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:41:51	Multiple Updates

Type	Count
Oval ID(s)	2
CPE ID(s)	38
osvdb(s)	1

Related	Severity
TA09-133A	(Critical)
GLSA-200903-23	(Critical)
SUN-254909	(Critical)

Same Subject	Severity
Login to view 80 more Alert(s)

CVE-2009-0114

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU