CVE-2009-1867

EPSS 0.99%
Published 31.07.2009 19:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 22

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Air Version <= 1.5.1

Adobe ≫ Air Version1.0

Adobe ≫ Air Version1.01

Adobe ≫ Air Version1.1

Adobe ≫ Air Version1.5

Adobe ≫ Flash Player Version <= 10.0.22.87

Adobe ≫ Flash Player Version7.0

Adobe ≫ Flash Player Version7.0.1

Adobe ≫ Flash Player Version7.0.25

Adobe ≫ Flash Player Version7.0.63

Adobe ≫ Flash Player Version7.0.63 Editionlinux

Adobe ≫ Flash Player Version7.0.69.0

Adobe ≫ Flash Player Version7.0.70.0

Adobe ≫ Flash Player Version7.1

Adobe ≫ Flash Player Version7.1.1

Adobe ≫ Flash Player Version7.2

Adobe ≫ Flash Player Version8.0

Adobe ≫ Flash Player Version8.0 Editionbasic

Adobe ≫ Flash Player Version8.0 Editionpro

Adobe ≫ Flash Player Version8.0.24.0

Adobe ≫ Flash Player Version8.0.34.0

Adobe ≫ Flash Player Version8.0.35.0

Adobe ≫ Flash Player Version8.0.39.0

Adobe ≫ Flash Player Version9.0.16

Adobe ≫ Flash Player Version9.0.20

Adobe ≫ Flash Player Version9.0.20.0

Adobe ≫ Flash Player Version9.0.28

Adobe ≫ Flash Player Version9.0.28.0

Adobe ≫ Flash Player Version9.0.31.0

Adobe ≫ Flash Player Version9.0.45.0

Adobe ≫ Flash Player Version9.0.47.0

Adobe ≫ Flash Player Version9.0.48.0

Adobe ≫ Flash Player Version9.0.112.0

Adobe ≫ Flash Player Version9.0.114.0

Adobe ≫ Flash Player Version9.0.115.0

Adobe ≫ Flash Player Version9.0.124.0

Adobe ≫ Flash Player Version10.0.0.584

Adobe ≫ Flash Player Version10.0.12.10

Adobe ≫ Flash Player Version10.0.12.36

Adobe ≫ Flex Version3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.99%	0.759

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

http://secunia.com/advisories/36701

http://support.apple.com/kb/HT3865

http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html

http://secunia.com/advisories/36193

http://secunia.com/advisories/36374

http://security.gentoo.org/glsa/glsa-200908-04.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1

http://support.apple.com/kb/HT3864

http://www.adobe.com/support/security/bulletins/apsb09-10.html

Patch

Vendor Advisory