CVSS: 9.3EPSS: 0%CPEs: 46EXPL: 0CVE-2009-3798 – flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)
https://notcve.org/view.php?id=CVE-2009-3798
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 podría permitir a atacantes ejecutar código a través de vectores sin especificar que inician una corrupción de memoria. • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html http://secunia.com/advisories/37584 http://secunia.com/advisories/37902 http://secunia.com/advisories/38241 http://securitytracker.com/id?1023306 http://securitytracker.com/id?1023307 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1 http://support.apple.com/kb/HT4004 http://www.adobe.com/support/security/bulletins/ • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 0%CPEs: 48EXPL: 0CVE-2009-3951
https://notcve.org/view.php?id=CVE-2009-3951
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820. Vulnerabilidad sin especificar en el control ActiveX de Flash Player en Adobe Flash Player en versiones anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 en Windows permite a atacantes remotos obtener los nombres de ficheros locales a través de vectores desconocidos. NOTA: Esta vulnerabilidad se produce debido a un arreglo incompleto de CVE-2009-4820. • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html http://osvdb.org/60891 http://secunia.com/advisories/37584 http://secunia.com/advisories/37902 http://secunia.com/advisories/38241 http://securitytracker.com/id?1023307 http://support.apple.com/kb/HT4004 http://www.adobe.com/support/security/bulletins/apsb09-19.html http://www.securityfocus.com/bid/37199 http://www.us-cert.gov&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 31%CPEs: 46EXPL: 0CVE-2009-3799 – Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3799
Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers." Desbordamiento de entero en la funcion Verifier::parseExceptionHandlers en Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 permite a atacantes remotos ejecutar código arbitrario a través de un fichero SWF con un valor de "exception_count" que inicia una corrupción de la memoria, relacionado con la "generación de administradores de excepciones de ActionScript". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious SWF file. The specific flaw exists in the generation of ActionScript exception handlers. In Verifier::parseExceptionHandlers(), a large value for exception_count will result in an integer overflow condition leading to a memory corruption which can be leveraged to execute arbitrary code under the context of the currently logged in user. • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html http://osvdb.org/60889 http://secunia.com/advisories/37584 http://secunia.com/advisories/37902 http://secunia.com/advisories/38241 http://securitytracker.com/id?1023306 http://securitytracker.com/id?1023307 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1 http://support.apple.com/kb/HT4004 http://www.adobe.c • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 72%CPEs: 46EXPL: 0CVE-2009-3794 – Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3794
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file. Desbordamiento del búfer de la pila en Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 permite a atacantes remotos ejecutar código arbitrario a través de las dimensiones manipuladas de datos JPEG en un fichero SWF. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious SWF file. The specific flaw exists in the parsing of JPEG dimensions contained within an SWF file. Due to the lack of sanity checking when calculating the frame size of an image it is possible to overflow a heap based buffer. • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html http://osvdb.org/60885 http://secunia.com/advisories/37584 http://secunia.com/advisories/37902 http://secunia.com/advisories/38241 http://securitytracker.com/id?1023306 http://securitytracker.com/id?1023307 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1 http://support.apple.com/kb/HT4004 http://www.adobe.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 40EXPL: 0CVE-2009-1864 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1864
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicación) o posiblemente ejecutar código de su elección mediante vectores no especificados. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://security.gentoo.org/glsa/glsa-200908-04.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 http://www.adobe.com/support/secu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •