CVE-2009-3951

CVSS V2 High 7.1 CVSS V3 None
Description
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.
Overview
  • CVE ID
  • CVE-2009-3951
  • Assigner
  • psirt@adobe.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2009-12-10T19:30:00
  • Last Modified Date
  • 2018-10-30T16:26:24
Weakness Enumerations
CWE URL
CWE-200 http://cwe.mitre.org/data/definitions/200.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* 0 OR
cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:* 1 OR 1.5.2
cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* 1 OR 10.0.32.18
cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:C/I:N/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 7.1
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 6.9
References
Reference URL Reference Tags
http://www.securityfocus.com/bid/37199
http://securitytracker.com/id?1023307 Patch
http://secunia.com/advisories/37584 Vendor Advisory
http://www.vupen.com/english/advisories/2009/3456 Patch Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb09-19.html Patch Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA09-343A.html US Government Resource
http://osvdb.org/60891
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
http://secunia.com/advisories/37902
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
http://support.apple.com/kb/HT4004
http://secunia.com/advisories/38241
http://www.vupen.com/english/advisories/2010/0173
https://exchange.xforce.ibmcloud.com/vulnerabilities/54637
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6663
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2009-3951
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3951
History
Created Old Value New Value Data Type Notes
2022-05-10 17:58:09 Added to TrackCVE