4.9

CVE-2009-1870

Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeAir Version <= 1.5.1
AdobeAir Version1.0
AdobeAir Version1.01
AdobeAir Version1.1
AdobeAir Version1.5
AdobeFlash Player Version <= 10.0.22.87
AdobeFlash Player Version7.0
AdobeFlash Player Version7.0.1
AdobeFlash Player Version7.0.25
AdobeFlash Player Version7.0.63
AdobeFlash Player Version7.0.63 Editionlinux
AdobeFlash Player Version7.0.69.0
AdobeFlash Player Version7.0.70.0
AdobeFlash Player Version7.1
AdobeFlash Player Version7.1.1
AdobeFlash Player Version7.2
AdobeFlash Player Version8.0
AdobeFlash Player Version8.0 Editionbasic
AdobeFlash Player Version8.0 Editionpro
AdobeFlash Player Version8.0.24.0
AdobeFlash Player Version8.0.34.0
AdobeFlash Player Version8.0.35.0
AdobeFlash Player Version8.0.39.0
AdobeFlash Player Version9.0.16
AdobeFlash Player Version9.0.20
AdobeFlash Player Version9.0.20.0
AdobeFlash Player Version9.0.28
AdobeFlash Player Version9.0.28.0
AdobeFlash Player Version9.0.31.0
AdobeFlash Player Version9.0.45.0
AdobeFlash Player Version9.0.47.0
AdobeFlash Player Version9.0.48.0
AdobeFlash Player Version9.0.112.0
AdobeFlash Player Version9.0.114.0
AdobeFlash Player Version9.0.115.0
AdobeFlash Player Version9.0.124.0
AdobeFlash Player Version10.0.0.584
AdobeFlash Player Version10.0.12.10
AdobeFlash Player Version10.0.12.36
AdobeFlex Version3.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.77% 0.509
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:C/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://secunia.com/advisories/36701
http://support.apple.com/kb/HT3865
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
http://secunia.com/advisories/36193
http://secunia.com/advisories/36374
http://security.gentoo.org/glsa/glsa-200908-04.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
http://support.apple.com/kb/HT3864
http://www.adobe.com/support/security/bulletins/apsb09-10.html
Patch
Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb09-13.html
http://www.securityfocus.com/bid/35890
Patch
http://www.securitytracker.com/id?1022629
http://www.vupen.com/english/advisories/2009/2086
Patch
Vendor Advisory
http://osvdb.org/56778
http://www.securityfocus.com/bid/35908
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/52180
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648