Tenable5256.PRMAdobe AIR < 1.5.3 Multiple Vulnerabilities (APSB09-19)
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.2%
The remote Windows host contains a version of Adobe AIR player that is earlier than 1.5.3. Such versions are reportedly affected by multiple vulnerabilities :
-
A vulnerability in the parsing of JPEG data that could potentially lead to code execution. (CVE-2009-3794)
-
A data injection vulnerability that could potentially lead to code execution. (CVE-2009-3796)
-
A memory corruption vulnerability that could potentially lead to code execution. (CVE-2009-3797)
-
A memory corruption vulnerability that could potentially lead to code execution. (CVE-2009-3798)
-
An integer overflow vulnerability that could potentially lead to code execution. (CVE-2009-3799)
-
Multiple crash vulnerabilities that could potentially lead to code execution. (CVE-2009-3800)
-
A Windows-only local file name access vulnerability in the Flash Player ActiveX control that could potentially lead to information disclosure. (CVE-2009-3951)
Binary data 5256.prmReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3794
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3798
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3800
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3951
www.adobe.com/support/security/bulletins/apsb09-19.html
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.2%