CVE-2009-3799 – Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3799
Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers." Desbordamiento de entero en la funcion Verifier::parseExceptionHandlers en Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 permite a atacantes remotos ejecutar código arbitrario a través de un fichero SWF con un valor de "exception_count" que inicia una corrupción de la memoria, relacionado con la "generación de administradores de excepciones de ActionScript". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious SWF file. The specific flaw exists in the generation of ActionScript exception handlers. In Verifier::parseExceptionHandlers(), a large value for exception_count will result in an integer overflow condition leading to a memory corruption which can be leveraged to execute arbitrary code under the context of the currently logged in user. • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html http://osvdb.org/60889 http://secunia.com/advisories/37584 http://secunia.com/advisories/37902 http://secunia.com/advisories/38241 http://securitytracker.com/id?1023306 http://securitytracker.com/id?1023307 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1 http://support.apple.com/kb/HT4004 http://www.adobe.c • CWE-189: Numeric Errors •
CVE-2009-3794 – Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3794
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file. Desbordamiento del búfer de la pila en Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 permite a atacantes remotos ejecutar código arbitrario a través de las dimensiones manipuladas de datos JPEG en un fichero SWF. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious SWF file. The specific flaw exists in the parsing of JPEG dimensions contained within an SWF file. Due to the lack of sanity checking when calculating the frame size of an image it is possible to overflow a heap based buffer. • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html http://osvdb.org/60885 http://secunia.com/advisories/37584 http://secunia.com/advisories/37902 http://secunia.com/advisories/38241 http://securitytracker.com/id?1023306 http://securitytracker.com/id?1023307 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1 http://support.apple.com/kb/HT4004 http://www.adobe.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •