9.3
CVE-2009-3796
- EPSS 7.12%
- Veröffentlicht 10.12.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:21
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Flash Player Version <= 10.0.32.18
Adobe ≫ Flash Player Version7.0
Adobe ≫ Flash Player Version7.0.1
Adobe ≫ Flash Player Version7.0.25
Adobe ≫ Flash Player Version7.0.63
Adobe ≫ Flash Player Version7.0.69.0
Adobe ≫ Flash Player Version7.0.70.0
Adobe ≫ Flash Player Version7.1
Adobe ≫ Flash Player Version7.1.1
Adobe ≫ Flash Player Version7.2
Adobe ≫ Flash Player Version8 Editionpro
Adobe ≫ Flash Player Version8 Editionprofessional
Adobe ≫ Flash Player Version8.0
Adobe ≫ Flash Player Version8.0 Editionbasic
Adobe ≫ Flash Player Version8.0 Editionpro
Adobe ≫ Flash Player Version8.0.24.0
Adobe ≫ Flash Player Version8.0.34.0
Adobe ≫ Flash Player Version8.0.35.0
Adobe ≫ Flash Player Version8.0.39.0
Adobe ≫ Flash Player Version9.0
Adobe ≫ Flash Player Version9.0.16
Adobe ≫ Flash Player Version9.0.18d60
Adobe ≫ Flash Player Version9.0.20
Adobe ≫ Flash Player Version9.0.20.0
Adobe ≫ Flash Player Version9.0.28
Adobe ≫ Flash Player Version9.0.28.0
Adobe ≫ Flash Player Version9.0.31
Adobe ≫ Flash Player Version9.0.31.0
Adobe ≫ Flash Player Version9.0.45.0
Adobe ≫ Flash Player Version9.0.47.0
Adobe ≫ Flash Player Version9.0.112.0
Adobe ≫ Flash Player Version9.0.114.0
Adobe ≫ Flash Player Version9.0.115.0
Adobe ≫ Flash Player Version9.0.124.0
Adobe ≫ Flash Player Version9.0.155.0
Adobe ≫ Flash Player Version9.0.159.0
Adobe ≫ Flash Player Version9.125.0
Adobe ≫ Flash Player Version10.0.0.584
Adobe ≫ Flash Player Version10.0.12.10
Adobe ≫ Flash Player Version10.0.12.36
Adobe ≫ Flash Player Version10.0.22.87
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.12% | 0.934 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
http://secunia.com/advisories/38241
http://support.apple.com/kb/HT4004
http://www.vupen.com/english/advisories/2010/0173
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
http://secunia.com/advisories/37584
http://secunia.com/advisories/37902
http://securitytracker.com/id?1023306
http://securitytracker.com/id?1023307
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
http://www.adobe.com/support/security/bulletins/apsb09-19.html
http://www.redhat.com/support/errata/RHSA-2009-1657.html
http://www.redhat.com/support/errata/RHSA-2009-1658.html
http://www.securityfocus.com/bid/37199
http://www.us-cert.gov/cas/techalerts/TA09-343A.html
http://www.vupen.com/english/advisories/2009/3456
https://bugzilla.redhat.com/show_bug.cgi?id=543857
http://osvdb.org/60886
https://exchange.xforce.ibmcloud.com/vulnerabilities/54632
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16216
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7460
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7763