CVE-2009-3796

Executive Summary

Informations
Name	CVE-2009-3796	First vendor Publication	2009-12-10
Vendor	Cve	Last vendor Modification	2010-08-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3796

CWE : Common Weakness Enumeration

id	Name
CWE-94	Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:7763

Oval ID:	oval:org.mitre.oval:def:7763
Title:	Multiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)
Description:	Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3796	Version:	2
Platform(s):	Sun Solaris 10	Product(s):
Definition Synopsis:
Solaris 10 (SPARC) meets Sun Alert 274250 Solaris 10 (SPARC) is installed AND NOT Patch 125332-08 or later installed OR Solaris 10 (x86) meets Sun Alert 274250 Solaris 10 (x86) is installed AND NOT Patch 125333-08 or later installed

Definition Id: oval:org.mitre.oval:def:7460

Oval ID:	oval:org.mitre.oval:def:7460
Title:	Adobe Flash Player and AIR Data Injection Remote Code Execution Vulnerability
Description:	Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3796	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Vulnerable version of Adobe AIR Adobe AIR is installed AND Adobe AIR version is less than 1.5.3 OR Vulnerable version of Adobe Flash Player Adobe Flash Player is installed AND Adobe Flash Player version installed on the system is less than or equal to 10.0.42.34

Definition Id: oval:org.mitre.oval:def:16216

Oval ID:	oval:org.mitre.oval:def:16216
Title:	Adobe Flash Player and AIR Data Injection Remote Code Execution Vulnerability
Description:	Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
Family:	macos	Class:	vulnerability
Reference(s):	CVE-2009-3796	Version:	3
Platform(s):	Apple Mac OS X	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Vulnerable version of Adobe Flash Player Adobe Flash Player is Installed AND Version of Adobe Flash Player is less than 10.0.42.34 OR Adobe AIR before 1.5.3 is installed Adobe AIR is installed AND Version of Adobe AIR is less than 1.5.3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Adobe Adobe Air cpe:/a:adobe:adobe_air:1.5.2 cpe:/a:adobe:adobe_air:1.5.1 cpe:/a:adobe:adobe_air:1.1 cpe:/a:adobe:adobe_air:1.0.1 cpe:/a:adobe:adobe_air:1.0	5
Application	Adobe Flash Player cpe:/a:adobe:flash_player:10.0.32.18 cpe:/a:adobe:flash_player:10.0.22.87 cpe:/a:adobe:flash_player:10.0.12.36 cpe:/a:adobe:flash_player:10.0.12.10 cpe:/a:adobe:flash_player:10.0.0.584 cpe:/a:adobe:flash_player:9.125.0 cpe:/a:adobe:flash_player:9.0.47.0 cpe:/a:adobe:flash_player:9.0.45.0 cpe:/a:adobe:flash_player:9.0.31.0 cpe:/a:adobe:flash_player:9.0.31 cpe:/a:adobe:flash_player:9.0.28.0 cpe:/a:adobe:flash_player:9.0.28 cpe:/a:adobe:flash_player:9.0.20.0 cpe:/a:adobe:flash_player:9.0.20 cpe:/a:adobe:flash_player:9.0.18d60 cpe:/a:adobe:flash_player:9.0.16 cpe:/a:adobe:flash_player:9.0.159.0 cpe:/a:adobe:flash_player:9.0.155.0 cpe:/a:adobe:flash_player:9.0.124.0 cpe:/a:adobe:flash_player:9.0.115.0 cpe:/a:adobe:flash_player:9.0.114.0 cpe:/a:adobe:flash_player:9.0.112.0 cpe:/a:adobe:flash_player:9 cpe:/a:adobe:flash_player:8.0.39.0 cpe:/a:adobe:flash_player:8.0.35.0 cpe:/a:adobe:flash_player:8.0.34.0 cpe:/a:adobe:flash_player:8.0.24.0 cpe:/a:adobe:flash_player:8.0 cpe:/a:adobe:flash_player:8.0::pro cpe:/a:adobe:flash_player:8.0::basic cpe:/a:adobe:flash_player:8 cpe:/a:adobe:flash_player:8::pro cpe:/a:adobe:flash_player:8::professional cpe:/a:adobe:flash_player:7.2 cpe:/a:adobe:flash_player:7.1.1 cpe:/a:adobe:flash_player:7.1 cpe:/a:adobe:flash_player:7.0.70.0 cpe:/a:adobe:flash_player:7.0.69.0 cpe:/a:adobe:flash_player:7.0.63 cpe:/a:adobe:flash_player:7.0.25 cpe:/a:adobe:flash_player:7.0.1 cpe:/a:adobe:flash_player:7.0 cpe:/a:adobe:flash_player:7	43

Open Source Vulnerability Database (OSVDB)

id	Description
60886	Adobe Flash Player / AIR Unspecified Data Injection Arbitrary Code Execution

Internal Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
BID	http://www.securityfocus.com/bid/37199
CERT	http://www.us-cert.gov/cas/techalerts/TA09-343A.html
CONFIRM	http://support.apple.com/kb/HT4004 http://www.adobe.com/support/security/bulletins/apsb09-19.html https://bugzilla.redhat.com/show_bug.cgi?id=543857
OSVDB	http://osvdb.org/60886
REDHAT	http://www.redhat.com/support/errata/RHSA-2009-1657.html http://www.redhat.com/support/errata/RHSA-2009-1658.html
SECTRACK	http://securitytracker.com/id?1023306 http://securitytracker.com/id?1023307
SECUNIA	http://secunia.com/advisories/37584 http://secunia.com/advisories/37902 http://secunia.com/advisories/38241
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
SUSE	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
VUPEN	http://www.vupen.com/english/advisories/2009/3456 http://www.vupen.com/english/advisories/2010/0173
XF	http://xforce.iss.net/xforce/xfdb/54632

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:59:56	Multiple Updates

Related	Severity
TA09-343A	(Critical)
SUN-274250	(Critical)
RHSA-2009:1658	(Critical)
RHSA-2009:1657	(Critical)
GLSA-201001-02	(Critical)

Same Subject	Severity
Login to view 6 more Alert(s)

Copyright Security-Database 2006-2013 - Powered by themself ;) in 0.0641s

Facebook rss twitter linkedin mail