[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-3951Date: (C)2009-12-10   (M)2024-02-22


Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.1
Exploit Score: 8.6
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1023307
BID-37199
SECUNIA-37584
SECUNIA-37902
SECUNIA-38241
OSVDB-60891
ADV-2009-3456
ADV-2010-0173
APPLE-SA-2010-01-19-1
SUSE-SA:2009:062
TA09-343A
flash-activex-information-disclosure(54637)
http://support.apple.com/kb/HT4004
http://www.adobe.com/support/security/bulletins/apsb09-19.html
oval:org.mitre.oval:def:6663

CPE    44
cpe:/a:adobe:adobe_air
cpe:/a:adobe:flash_player
cpe:/a:adobe:flash_player:9.0.45.0
cpe:/a:adobe:flash_player:7.0.25
...
CWE    1
CWE-200
OVAL    4
oval:org.secpod.oval:def:400088
oval:org.mitre.oval:def:6663
oval:org.secpod.oval:def:3513
oval:org.secpod.oval:def:3514
...

© SecPod Technologies