CVE-2009-3951

Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.
References
Link Resource
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
http://osvdb.org/60891
http://secunia.com/advisories/37584 Vendor Advisory
http://secunia.com/advisories/37902
http://secunia.com/advisories/38241
http://securitytracker.com/id?1023307 Patch
http://support.apple.com/kb/HT4004
http://www.adobe.com/support/security/bulletins/apsb09-19.html Patch Vendor Advisory
http://www.securityfocus.com/bid/37199
http://www.us-cert.gov/cas/techalerts/TA09-343A.html US Government Resource
http://www.vupen.com/english/advisories/2009/3456 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2010/0173
https://exchange.xforce.ibmcloud.com/vulnerabilities/54637
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6663
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
http://osvdb.org/60891
http://secunia.com/advisories/37584 Vendor Advisory
http://secunia.com/advisories/37902
http://secunia.com/advisories/38241
http://securitytracker.com/id?1023307 Patch
http://support.apple.com/kb/HT4004
http://www.adobe.com/support/security/bulletins/apsb09-19.html Patch Vendor Advisory
http://www.securityfocus.com/bid/37199
http://www.us-cert.gov/cas/techalerts/TA09-343A.html US Government Resource
http://www.vupen.com/english/advisories/2009/3456 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2010/0173
https://exchange.xforce.ibmcloud.com/vulnerabilities/54637
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6663
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
OR cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*

History

21 Nov 2024, 01:08

Type Values Removed Values Added
References () http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html - () http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html -
References () http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html - () http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html -
References () http://osvdb.org/60891 - () http://osvdb.org/60891 -
References () http://secunia.com/advisories/37584 - Vendor Advisory () http://secunia.com/advisories/37584 - Vendor Advisory
References () http://secunia.com/advisories/37902 - () http://secunia.com/advisories/37902 -
References () http://secunia.com/advisories/38241 - () http://secunia.com/advisories/38241 -
References () http://securitytracker.com/id?1023307 - Patch () http://securitytracker.com/id?1023307 - Patch
References () http://support.apple.com/kb/HT4004 - () http://support.apple.com/kb/HT4004 -
References () http://www.adobe.com/support/security/bulletins/apsb09-19.html - Patch, Vendor Advisory () http://www.adobe.com/support/security/bulletins/apsb09-19.html - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/37199 - () http://www.securityfocus.com/bid/37199 -
References () http://www.us-cert.gov/cas/techalerts/TA09-343A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA09-343A.html - US Government Resource
References () http://www.vupen.com/english/advisories/2009/3456 - Patch, Vendor Advisory () http://www.vupen.com/english/advisories/2009/3456 - Patch, Vendor Advisory
References () http://www.vupen.com/english/advisories/2010/0173 - () http://www.vupen.com/english/advisories/2010/0173 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/54637 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/54637 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6663 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6663 -

Information

Published : 2009-12-10 19:30

Updated : 2024-11-21 01:08


NVD link : CVE-2009-3951

Mitre link : CVE-2009-3951

CVE.ORG link : CVE-2009-3951


JSON object : View

Products Affected

adobe

  • adobe_air
  • flash_player

microsoft

  • windows
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor