CVE

CVE-2009-3794
Date: (C)2009-12-10   (M)2024-02-22


Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SUNALERT-1021716
SECTRACK-1023306
SECTRACK-1023307
http://www.securityfocus.com/archive/1/508336/100/0/threaded
BID-37199
SECUNIA-37584
SECUNIA-37902
SECUNIA-38241
OSVDB-60885
ADV-2009-3456
ADV-2010-0173
APPLE-SA-2010-01-19-1
RHSA-2009:1657
RHSA-2009:1658
SUSE-SA:2009:062
TA09-343A
flash-air-jpeg-code-execution(54631)
http://support.apple.com/kb/HT4004
http://www.adobe.com/support/security/bulletins/apsb09-19.html
http://zerodayinitiative.com/advisories/ZDI-09-092/
https://bugzilla.redhat.com/show_bug.cgi?id=543857
oval:org.mitre.oval:def:15948
oval:org.mitre.oval:def:7465
oval:org.mitre.oval:def:8686

CPE    42
cpe:/a:adobe:adobe_air
cpe:/a:adobe:flash_player
cpe:/a:adobe:flash_player:9.0.45.0
cpe:/a:adobe:flash_player:7.0.25
...
CWE    1
CWE-119
OVAL    8
oval:org.secpod.oval:def:17989
oval:org.secpod.oval:def:17990
oval:org.secpod.oval:def:400088
oval:org.secpod.oval:def:17978
...

© SecPod Technologies