Test ID:	1.3.6.1.4.1.25623.1.0.800853
Category:	Denial of Service
Title:	Adobe Flash Player/Air Multiple DoS Vulnerabilities (Aug 2009) - Windows
Summary:	Adobe Flash Player/Air is prone to multiple Denial of Service vulnerabilities.
Description:	Summary: Adobe Flash Player/Air is prone to multiple Denial of Service vulnerabilities. Vulnerability Insight: Multiple vulnerabilities which can be to exploited to cause memory corruption, null pointer, privilege escalation, heap-based buffer overflow, local sandbox bypass, and input validation errors when processing specially crafted web pages. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code, gain elevated privileges, gain knowledge of certain information and conduct clickjacking attacks. Affected Software/OS: Adobe AIR version prior to 1.5.2 Adobe Flash Player 9 version prior to 9.0.246.0 Adobe Flash Player 10 version prior to 10.0.32.18 on Windows Solution: Update to Adobe Air 1.5.2 or Adobe Flash Player 9.0.246.0 or 10.0.32.18. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1863 http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html BugTraq ID: 35890 http://www.securityfocus.com/bid/35890 BugTraq ID: 35900 http://www.securityfocus.com/bid/35900 http://security.gentoo.org/glsa/glsa-200908-04.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16391 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6961 http://www.securitytracker.com/id?1022629 http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://www.vupen.com/english/advisories/2009/2086 XForce ISS Database: adobe-flash-air-code-execution(52179) https://exchange.xforce.ibmcloud.com/vulnerabilities/52179 Common Vulnerability Exposure (CVE) ID: CVE-2009-1864 BugTraq ID: 35904 http://www.securityfocus.com/bid/35904 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16133 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6660 XForce ISS Database: flash-air-unspecified-bo(52184) https://exchange.xforce.ibmcloud.com/vulnerabilities/52184 Common Vulnerability Exposure (CVE) ID: CVE-2009-1865 BugTraq ID: 35906 http://www.securityfocus.com/bid/35906 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16338 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7011 XForce ISS Database: flash-air-code-execution-var1(52182) https://exchange.xforce.ibmcloud.com/vulnerabilities/52182 Common Vulnerability Exposure (CVE) ID: CVE-2009-1866 BugTraq ID: 35901 http://www.securityfocus.com/bid/35901 http://osvdb.org/56774 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16198 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7271 XForce ISS Database: flash-air-unspecified-bo-var2(52186) https://exchange.xforce.ibmcloud.com/vulnerabilities/52186 Common Vulnerability Exposure (CVE) ID: CVE-2009-1867 BugTraq ID: 35905 http://www.securityfocus.com/bid/35905 http://osvdb.org/56775 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15430 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6694 XForce ISS Database: flash-air-unspecified-clickjacking(52183) https://exchange.xforce.ibmcloud.com/vulnerabilities/52183 Common Vulnerability Exposure (CVE) ID: CVE-2009-1868 BugTraq ID: 35902 http://www.securityfocus.com/bid/35902 http://osvdb.org/56776 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15955 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6865 XForce ISS Database: flash-air-unspecified-bo-var1(52185) https://exchange.xforce.ibmcloud.com/vulnerabilities/52185 Common Vulnerability Exposure (CVE) ID: CVE-2009-1869 BugTraq ID: 35907 http://www.securityfocus.com/bid/35907 Bugtraq: 20090802 Advisory: Adobe Flash Player and AIR AVM2 intf_count Integer Overflow Remote Code Execution (CVE-2009-1869) (Google Search) http://www.securityfocus.com/archive/1/505467/100/0/threaded http://roeehay.blogspot.com/2009/08/advisory-adobe-flash-player-avm2.html http://roeehay.blogspot.com/2009/08/exploitation-of-cve-2009-1869.html http://osvdb.org/56777 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15994 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6998 XForce ISS Database: flash-air-code-execution(52181) https://exchange.xforce.ibmcloud.com/vulnerabilities/52181 Common Vulnerability Exposure (CVE) ID: CVE-2009-1870 BugTraq ID: 35908 http://www.securityfocus.com/bid/35908 http://osvdb.org/56778 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648 XForce ISS Database: flash-air-sandbox-info-disclosure(52180) https://exchange.xforce.ibmcloud.com/vulnerabilities/52180
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.