English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 72151 CVE descriptions
and 38907 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.801083
Category:General
Title:Adobe Flash Player/Air Multiple Vulnerabilities - dec09 (Win)
Summary:Check for the version of Adobe Flash Player/Air
Description:
Overview: This host is installed with Adobe Flash Player/Air and is prone to
multiple vulnerabilities.

Vulnerability Insight:
The multiple Flaws are due to:
- An error occured while parsing JPEG dimensions contained within an SWF file
can be exploited to cause a heap-based buffer overflow.
- An unspecified error may allow injection of data and potentially lead to
execution of arbitrary code.
- An unspecified error possibly related to 'getProperty()' can be exploited
to corrupt memory and may allow execution of arbitrary code.
- An unspecified error can be exploited to corrupt memory and may allow
execution of arbitrary code.
- An integer overflow error when generating ActionScript exception handlers
in 'Verifier::parseExceptionHandlers()' can be exploited to corrupt memory.
- Various unspecified errors may potentially allow execution of arbitrary code.
- An error may disclose information about local file names.

Impact:
Successful exploitation will allow remote attackers to execute arbitrary code,
gain elevated privileges, gain knowledge of certain information and conduct
clickjacking attacks.

Impact Level: System/Application

Affected Software/OS:
Adobe AIR version prior to 1.5.3
Adobe Flash Player 10 version prior to 10.0.42.34 on Windows

Fix: Update to Adobe Air 1.5.3 or Adobe Flash Player 10.0.42.34
http://get.adobe.com/air
http://www.adobe.com/support/flashplayer/downloads.html

References:
http://secunia.com/advisories/37584
http://www.vupen.com/english/advisories/2009/3456
http://www.adobe.com/support/security/bulletins/apsb09-19.html
Cross-Ref: BugTraq ID: 37266
BugTraq ID: 37270
BugTraq ID: 37273
BugTraq ID: 37275
BugTraq ID: 37267
BugTraq ID: 37269
BugTraq ID: 37272
Common Vulnerability Exposure (CVE) ID: CVE-2009-3794
Bugtraq: 20091209 ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/508336/100/0/threaded
http://zerodayinitiative.com/advisories/ZDI-09-092/
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
http://www.redhat.com/support/errata/RHSA-2009-1657.html
http://www.redhat.com/support/errata/RHSA-2009-1658.html
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
SuSE Security Announcement: SUSE-SA:2009:062 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
Cert/CC Advisory: TA09-343A
http://www.us-cert.gov/cas/techalerts/TA09-343A.html
BugTraq ID: 37199
http://www.securityfocus.com/bid/37199
http://osvdb.org/60885
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7465
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8686
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:15948
http://securitytracker.com/id?1023306
http://securitytracker.com/id?1023307
http://secunia.com/advisories/37584
http://secunia.com/advisories/37902
http://secunia.com/advisories/38241
http://www.vupen.com/english/advisories/2009/3456
http://www.vupen.com/english/advisories/2010/0173
XForce ISS Database: flash-air-jpeg-code-execution(54631)
http://xforce.iss.net/xforce/xfdb/54631
Common Vulnerability Exposure (CVE) ID: CVE-2009-3796
http://osvdb.org/60886
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7460
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7763
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16216
XForce ISS Database: flash-air-data-code-execution(54632)
http://xforce.iss.net/xforce/xfdb/54632
Common Vulnerability Exposure (CVE) ID: CVE-2009-3797
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7140
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8350
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:15795
XForce ISS Database: flash-air-corruption-code-execution(54633)
http://xforce.iss.net/xforce/xfdb/54633
Common Vulnerability Exposure (CVE) ID: CVE-2009-3798
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6899
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7902
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16340
XForce ISS Database: flash-air-unspecified-code-execution(54634)
http://xforce.iss.net/xforce/xfdb/54634
Common Vulnerability Exposure (CVE) ID: CVE-2009-3799
Bugtraq: 20091209 ZDI-09-093: Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/508334/100/0/threaded
http://zerodayinitiative.com/advisories/ZDI-09-093/
http://osvdb.org/60889
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7191
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8208
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16315
XForce ISS Database: flash-air-unspecified-overflow(54635)
http://xforce.iss.net/xforce/xfdb/54635
Common Vulnerability Exposure (CVE) ID: CVE-2009-3800
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6972
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8613
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16054
XForce ISS Database: flash-air-multiple-code-execution(54636)
http://xforce.iss.net/xforce/xfdb/54636
Common Vulnerability Exposure (CVE) ID: CVE-2009-3951
http://osvdb.org/60891
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6663
XForce ISS Database: flash-activex-information-disclosure(54637)
http://xforce.iss.net/xforce/xfdb/54637
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

This is only one of 38907 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.