cpe:/a:adobe:air:1.0 cpe:/a:adobe:air:1.1 cpe:/a:adobe:air:1.5 cpe:/a:adobe:air:1.5.1 cpe:/a:adobe:flash_player:7.0 cpe:/a:adobe:flash_player:7.0.1 cpe:/a:adobe:flash_player:7.0.25 cpe:/a:adobe:flash_player:7.0.63 cpe:/a:adobe:flash_player:7.0.63::linux cpe:/a:adobe:flash_player:7.0.69.0 cpe:/a:adobe:flash_player:7.0.70.0 cpe:/a:adobe:flash_player:7.1 cpe:/a:adobe:flash_player:7.1.1 cpe:/a:adobe:flash_player:7.2 cpe:/a:adobe:flash_player:8.0 cpe:/a:adobe:flash_player:8.0::basic cpe:/a:adobe:flash_player:8.0::pro cpe:/a:adobe:flash_player:8.0.24.0 cpe:/a:adobe:flash_player:8.0.34.0 cpe:/a:adobe:flash_player:8.0.35.0 cpe:/a:adobe:flash_player:8.0.39.0 cpe:/a:adobe:flash_player:9.0.16 cpe:/a:adobe:flash_player:9.0.20 cpe:/a:adobe:flash_player:9.0.20.0 cpe:/a:adobe:flash_player:9.0.28 cpe:/a:adobe:flash_player:9.0.28.0 cpe:/a:adobe:flash_player:9.0.31.0 cpe:/a:adobe:flash_player:9.0.45.0 cpe:/a:adobe:flash_player:9.0.47.0 cpe:/a:adobe:flash_player:9.0.48.0 cpe:/a:adobe:flash_player:9.0.112.0 cpe:/a:adobe:flash_player:9.0.114.0 cpe:/a:adobe:flash_player:9.0.115.0 cpe:/a:adobe:flash_player:9.0.124.0 cpe:/a:adobe:flash_player:10.0.0.584 cpe:/a:adobe:flash_player:10.0.12.10 cpe:/a:adobe:flash_player:10.0.12.36 cpe:/a:adobe:flash_player:10.0.22.87 cpe:/a:adobe:flex:3.0 CVE-2009-1868 2009-07-31T15:30:00.343-04:00 2017-09-28T21:34:37.653-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-08-03T12:25:00.000-04:00 ALLOWS_ADMIN_ACCESS SECTRACK 1022629 SUNALERT 266108 BID 35890 BID 35902 SECUNIA 36193 SECUNIA 36374 SECUNIA 36701 OSVDB 56776 VUPEN ADV-2009-2086 APPLE APPLE-SA-2009-09-10-1 APPLE APPLE-SA-2009-09-10-2 GENTOO GLSA-200908-04 XF flash-air-unspecified-bo-var1(52185) CONFIRM http://support.apple.com/kb/HT3864 CONFIRM http://support.apple.com/kb/HT3865 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-10.html CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-13.html Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.