CVE-2009-3794

CVSS V2 High 9.3 CVSS V3 None
Description
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
Overview
  • CVE ID
  • CVE-2009-3794
  • Assigner
  • psirt@adobe.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2009-12-10T19:30:00
  • Last Modified Date
  • 2018-10-30T16:26:24
Weakness Enumerations
CWE URL
CWE-119 http://cwe.mitre.org/data/definitions/119.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:* 1 OR 1.5.2
cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* 1 OR 10.0.32.18
cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9.3
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://www.us-cert.gov/cas/techalerts/TA09-343A.html US Government Resource
http://www.redhat.com/support/errata/RHSA-2009-1657.html
http://securitytracker.com/id?1023307
http://securitytracker.com/id?1023306
https://bugzilla.redhat.com/show_bug.cgi?id=543857
http://www.vupen.com/english/advisories/2009/3456 Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-1658.html Patch
http://www.securityfocus.com/bid/37199
http://zerodayinitiative.com/advisories/ZDI-09-092/ Patch
http://secunia.com/advisories/37584 Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb09-19.html Patch Vendor Advisory
http://osvdb.org/60885
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
http://secunia.com/advisories/37902
http://support.apple.com/kb/HT4004
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
http://secunia.com/advisories/38241
http://www.vupen.com/english/advisories/2010/0173
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/54631
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948
http://www.securityfocus.com/archive/1/508336/100/0/threaded
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2009-3794
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3794
History
Created Old Value New Value Data Type Notes
2022-05-10 17:58:07 Added to TrackCVE