Executive Summary

Informations
Name	CVE-2009-3798	First vendor Publication	2009-12-10
Vendor	Cve	Last vendor Modification	2010-08-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3798

CWE : Common Weakness Enumeration

id	Name
CWE-399	Resource Management Errors

OVAL Definitions

 

Definition Id: oval:org.mitre.oval:def:7902
Oval ID:	oval:org.mitre.oval:def:7902
Title:	Multiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)
Description:	Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3798	Version:	2
Platform(s):	Sun Solaris 10	Product(s):
Definition Synopsis:
Solaris 10 (SPARC) meets Sun Alert 274250 Solaris 10 (SPARC) is installed AND NOT Patch 125332-08 or later installed OR Solaris 10 (x86) meets Sun Alert 274250 Solaris 10 (x86) is installed AND NOT Patch 125333-08 or later installed

 

Definition Id: oval:org.mitre.oval:def:6899
Oval ID:	oval:org.mitre.oval:def:6899
Title:	Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability
Description:	Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3798	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Vulnerable version of Adobe AIR Adobe AIR is installed AND Adobe AIR version is less than 1.5.3 OR Vulnerable version of Adobe Flash Player Adobe Flash Player is installed AND Adobe Flash Player version installed on the system is less than or equal to 10.0.42.34

 

Definition Id: oval:org.mitre.oval:def:16340
Oval ID:	oval:org.mitre.oval:def:16340
Title:	Adobe Flash Player and AIR Unspecified Memory Corruption Vulnerability
Description:	Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
Family:	macos	Class:	vulnerability
Reference(s):	CVE-2009-3798	Version:	3
Platform(s):	Apple Mac OS X	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Vulnerable version of Adobe Flash Player Adobe Flash Player is Installed AND Version of Adobe Flash Player is less than 10.0.42.34 OR Adobe AIR before 1.5.3 is installed Adobe AIR is installed AND Version of Adobe AIR is less than 1.5.3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Adobe Adobe Air cpe:/a:adobe:adobe_air:1.5.2 cpe:/a:adobe:adobe_air:1.5.1 cpe:/a:adobe:adobe_air:1.1 cpe:/a:adobe:adobe_air:1.0.1 cpe:/a:adobe:adobe_air:1.0	5
Application	Adobe Flash Player cpe:/a:adobe:flash_player:10.0.32.18 cpe:/a:adobe:flash_player:10.0.22.87 cpe:/a:adobe:flash_player:10.0.12.36 cpe:/a:adobe:flash_player:10.0.12.10 cpe:/a:adobe:flash_player:10.0.0.584 cpe:/a:adobe:flash_player:9.125.0 cpe:/a:adobe:flash_player:9.0.47.0 cpe:/a:adobe:flash_player:9.0.45.0 cpe:/a:adobe:flash_player:9.0.31.0 cpe:/a:adobe:flash_player:9.0.31 cpe:/a:adobe:flash_player:9.0.28.0 cpe:/a:adobe:flash_player:9.0.28 cpe:/a:adobe:flash_player:9.0.20.0 cpe:/a:adobe:flash_player:9.0.20 cpe:/a:adobe:flash_player:9.0.18d60 cpe:/a:adobe:flash_player:9.0.16 cpe:/a:adobe:flash_player:9.0.159.0 cpe:/a:adobe:flash_player:9.0.155.0 cpe:/a:adobe:flash_player:9.0.124.0 cpe:/a:adobe:flash_player:9.0.115.0 cpe:/a:adobe:flash_player:9.0.114.0 cpe:/a:adobe:flash_player:9.0.112.0 cpe:/a:adobe:flash_player:9 cpe:/a:adobe:flash_player:8.0.39.0 cpe:/a:adobe:flash_player:8.0.35.0 cpe:/a:adobe:flash_player:8.0.34.0 cpe:/a:adobe:flash_player:8.0.24.0 cpe:/a:adobe:flash_player:8.0::pro cpe:/a:adobe:flash_player:8.0::basic cpe:/a:adobe:flash_player:8.0 cpe:/a:adobe:flash_player:8::pro cpe:/a:adobe:flash_player:8::professional cpe:/a:adobe:flash_player:8 cpe:/a:adobe:flash_player:7.2 cpe:/a:adobe:flash_player:7.1.1 cpe:/a:adobe:flash_player:7.1 cpe:/a:adobe:flash_player:7.0.70.0 cpe:/a:adobe:flash_player:7.0.69.0 cpe:/a:adobe:flash_player:7.0.63 cpe:/a:adobe:flash_player:7.0.25 cpe:/a:adobe:flash_player:7.0.1 cpe:/a:adobe:flash_player:7.0 cpe:/a:adobe:flash_player:7	43

Open Source Vulnerability Database (OSVDB)

id	Description
60888	Adobe Flash Player / AIR Class.Switch Memory Corruption (2009-3798)

Internal Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
BID	http://www.securityfocus.com/bid/37199
CERT	http://www.us-cert.gov/cas/techalerts/TA09-343A.html
CONFIRM	http://support.apple.com/kb/HT4004 http://www.adobe.com/support/security/bulletins/apsb09-19.html https://bugzilla.redhat.com/show_bug.cgi?id=543857
REDHAT	http://www.redhat.com/support/errata/RHSA-2009-1657.html http://www.redhat.com/support/errata/RHSA-2009-1658.html
SECTRACK	http://securitytracker.com/id?1023306 http://securitytracker.com/id?1023307
SECUNIA	http://secunia.com/advisories/37584 http://secunia.com/advisories/37902 http://secunia.com/advisories/38241
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
SUSE	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
VUPEN	http://www.vupen.com/english/advisories/2009/3456 http://www.vupen.com/english/advisories/2010/0173
XF	http://xforce.iss.net/xforce/xfdb/54634

Alert History

Date	Informations
2013-05-10 23:59:57	Multiple Updates