Test ID:	1.3.6.1.4.1.25623.1.0.801083
Category:	General
Title:	Adobe Flash Player/Air Multiple Vulnerabilities - dec09 (Win)
Summary:	Check for the version of Adobe Flash Player/Air
Description:	Overview: This host is installed with Adobe Flash Player/Air and is prone to multiple vulnerabilities. Vulnerability Insight: The multiple Flaws are due to: - An error occured while parsing JPEG dimensions contained within an SWF file can be exploited to cause a heap-based buffer overflow. - An unspecified error may allow injection of data and potentially lead to execution of arbitrary code. - An unspecified error possibly related to 'getProperty()' can be exploited to corrupt memory and may allow execution of arbitrary code. - An unspecified error can be exploited to corrupt memory and may allow execution of arbitrary code. - An integer overflow error when generating ActionScript exception handlers in 'Verifier::parseExceptionHandlers()' can be exploited to corrupt memory. - Various unspecified errors may potentially allow execution of arbitrary code. - An error may disclose information about local file names. Impact: Successful exploitation will allow remote attackers to execute arbitrary code, gain elevated privileges, gain knowledge of certain information and conduct clickjacking attacks. Impact Level: System/Application Affected Software/OS: Adobe AIR version prior to 1.5.3 Adobe Flash Player 10 version prior to 10.0.42.34 on Windows Fix: Update to Adobe Air 1.5.3 or Adobe Flash Player 10.0.42.34 http://get.adobe.com/air http://www.adobe.com/support/flashplayer/downloads.html References: http://secunia.com/advisories/37584 http://www.vupen.com/english/advisories/2009/3456 http://www.adobe.com/support/security/bulletins/apsb09-19.html
Cross-Ref:	BugTraq ID: 37266 BugTraq ID: 37270 BugTraq ID: 37273 BugTraq ID: 37275 BugTraq ID: 37267 BugTraq ID: 37269 BugTraq ID: 37272 Common Vulnerability Exposure (CVE) ID: CVE-2009-3794 Bugtraq: 20091209 ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/508336/100/0/threaded http://zerodayinitiative.com/advisories/ZDI-09-092/ http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://www.redhat.com/support/errata/RHSA-2009-1657.html http://www.redhat.com/support/errata/RHSA-2009-1658.html http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1 SuSE Security Announcement: SUSE-SA:2009:062 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html Cert/CC Advisory: TA09-343A http://www.us-cert.gov/cas/techalerts/TA09-343A.html BugTraq ID: 37199 http://www.securityfocus.com/bid/37199 http://osvdb.org/60885 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7465 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8686 http://securitytracker.com/id?1023306 http://securitytracker.com/id?1023307 http://secunia.com/advisories/37584 http://secunia.com/advisories/37902 http://secunia.com/advisories/38241 http://www.vupen.com/english/advisories/2009/3456 http://www.vupen.com/english/advisories/2010/0173 XForce ISS Database: flash-air-jpeg-code-execution(54631) http://xforce.iss.net/xforce/xfdb/54631 Common Vulnerability Exposure (CVE) ID: CVE-2009-3796 http://osvdb.org/60886 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7460 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7763 XForce ISS Database: flash-air-data-code-execution(54632) http://xforce.iss.net/xforce/xfdb/54632 Common Vulnerability Exposure (CVE) ID: CVE-2009-3797 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7140 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8350 XForce ISS Database: flash-air-corruption-code-execution(54633) http://xforce.iss.net/xforce/xfdb/54633 Common Vulnerability Exposure (CVE) ID: CVE-2009-3798 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6899 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7902 XForce ISS Database: flash-air-unspecified-code-execution(54634) http://xforce.iss.net/xforce/xfdb/54634 Common Vulnerability Exposure (CVE) ID: CVE-2009-3799 Bugtraq: 20091209 ZDI-09-093: Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/508334/100/0/threaded http://zerodayinitiative.com/advisories/ZDI-09-093/ http://osvdb.org/60889 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7191 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8208 XForce ISS Database: flash-air-unspecified-overflow(54635) http://xforce.iss.net/xforce/xfdb/54635 Common Vulnerability Exposure (CVE) ID: CVE-2009-3800 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6972 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8613 XForce ISS Database: flash-air-multiple-code-execution(54636) http://xforce.iss.net/xforce/xfdb/54636 Common Vulnerability Exposure (CVE) ID: CVE-2009-3951 http://osvdb.org/60891 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6663 XForce ISS Database: flash-activex-information-disclosure(54637) http://xforce.iss.net/xforce/xfdb/54637
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: