cvelistv5 - cve-2009-3800

cve-2009-3800

Vulnerability from cvelistv5

Published

2009-12-10 19:00

Modified

2024-08-07 06:38

Severity ?

Summary

Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

References

URL	Tags
psirt@adobe.com	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
psirt@adobe.com	http://secunia.com/advisories/37584	Vendor Advisory
psirt@adobe.com	http://secunia.com/advisories/37902
psirt@adobe.com	http://secunia.com/advisories/38241
psirt@adobe.com	http://securitytracker.com/id?1023306	Patch
psirt@adobe.com	http://securitytracker.com/id?1023307	Patch
psirt@adobe.com	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
psirt@adobe.com	http://support.apple.com/kb/HT4004
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb09-19.html	Patch, Vendor Advisory
psirt@adobe.com	http://www.redhat.com/support/errata/RHSA-2009-1657.html	Patch
psirt@adobe.com	http://www.redhat.com/support/errata/RHSA-2009-1658.html	Patch
psirt@adobe.com	http://www.securityfocus.com/bid/37199
psirt@adobe.com	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	US Government Resource
psirt@adobe.com	http://www.vupen.com/english/advisories/2009/3456	Patch, Vendor Advisory
psirt@adobe.com	http://www.vupen.com/english/advisories/2010/0173
psirt@adobe.com	https://bugzilla.redhat.com/show_bug.cgi?id=543857	Patch
psirt@adobe.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/54636
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37584	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37902
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38241
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023306	Patch
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023307	Patch
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4004
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-19.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1657.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1658.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/37199
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3456	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0173
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=543857	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/54636
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:38:30.384Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2009:1657",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
          },
          {
            "name": "1023307",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023307"
          },
          {
            "name": "flash-air-multiple-code-execution(54636)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54636"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4004"
          },
          {
            "name": "1021716",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
          },
          {
            "name": "APPLE-SA-2010-01-19-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
          },
          {
            "name": "ADV-2009-3456",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3456"
          },
          {
            "name": "SUSE-SA:2009:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
          },
          {
            "name": "37584",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37584"
          },
          {
            "name": "37902",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37902"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
          },
          {
            "name": "1023306",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023306"
          },
          {
            "name": "oval:org.mitre.oval:def:8613",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613"
          },
          {
            "name": "RHSA-2009:1658",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
          },
          {
            "name": "oval:org.mitre.oval:def:16054",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054"
          },
          {
            "name": "TA09-343A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
          },
          {
            "name": "38241",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38241"
          },
          {
            "name": "37199",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37199"
          },
          {
            "name": "oval:org.mitre.oval:def:6972",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972"
          },
          {
            "name": "ADV-2010-0173",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "RHSA-2009:1657",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
        },
        {
          "name": "1023307",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023307"
        },
        {
          "name": "flash-air-multiple-code-execution(54636)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54636"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4004"
        },
        {
          "name": "1021716",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
        },
        {
          "name": "APPLE-SA-2010-01-19-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
        },
        {
          "name": "ADV-2009-3456",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3456"
        },
        {
          "name": "SUSE-SA:2009:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "name": "37584",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37584"
        },
        {
          "name": "37902",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37902"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
        },
        {
          "name": "1023306",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023306"
        },
        {
          "name": "oval:org.mitre.oval:def:8613",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613"
        },
        {
          "name": "RHSA-2009:1658",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
        },
        {
          "name": "oval:org.mitre.oval:def:16054",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054"
        },
        {
          "name": "TA09-343A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
        },
        {
          "name": "38241",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38241"
        },
        {
          "name": "37199",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37199"
        },
        {
          "name": "oval:org.mitre.oval:def:6972",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972"
        },
        {
          "name": "ADV-2010-0173",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2009-3800",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2009:1657",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
            },
            {
              "name": "1023307",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023307"
            },
            {
              "name": "flash-air-multiple-code-execution(54636)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54636"
            },
            {
              "name": "http://support.apple.com/kb/HT4004",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4004"
            },
            {
              "name": "1021716",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
            },
            {
              "name": "APPLE-SA-2010-01-19-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
            },
            {
              "name": "ADV-2009-3456",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3456"
            },
            {
              "name": "SUSE-SA:2009:062",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=543857",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
            },
            {
              "name": "37584",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37584"
            },
            {
              "name": "37902",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37902"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
            },
            {
              "name": "1023306",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023306"
            },
            {
              "name": "oval:org.mitre.oval:def:8613",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613"
            },
            {
              "name": "RHSA-2009:1658",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
            },
            {
              "name": "oval:org.mitre.oval:def:16054",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054"
            },
            {
              "name": "TA09-343A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
            },
            {
              "name": "38241",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38241"
            },
            {
              "name": "37199",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37199"
            },
            {
              "name": "oval:org.mitre.oval:def:6972",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972"
            },
            {
              "name": "ADV-2010-0173",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2009-3800",
    "datePublished": "2009-12-10T19:00:00",
    "dateReserved": "2009-10-26T00:00:00",
    "dateUpdated": "2024-08-07T06:38:30.384Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.5.2\", \"matchCriteriaId\": \"0A0CABFD-DFD2-4FF1-AC2A-712D9831AE36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97F0F4B8-A8AE-4AF2-8991-36DF5478AC90\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F180F403-7032-497F-955B-0CB1D5CA3A74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51905ABB-C598-415F-9B6C-26963129352A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16E50A13-564F-4CE7-8335-B99B83AA0B86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.0.32.18\", \"matchCriteriaId\": \"6EBD1150-4225-46AC-AF3A-A981FF80EB49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDFF4A51-C936-4C5B-8276-FD454C9E4F40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5ECC9D7-3386-4FEA-9218-91E31FF90F3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0E93289-6EE0-401A-958D-F59D2CDAE2F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A82D5B56-44E0-4120-B73E-0A1155AF4B05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E895107-ED8A-4F88-87C3-935EAE299C01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4007D621-A0BC-4927-82A7-10D73802BCF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"641776AE-5408-439E-8290-DD9324771874\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"138A932A-D775-46A2-86EC-3C03C96884C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*\", \"matchCriteriaId\": \"9D344A18-4D7B-4B9C-8A8D-AE765FCA32C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:*\", \"matchCriteriaId\": \"1DAAAEA6-ED8F-496B-81B5-E8D3E3176287\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D12E3957-D7B2-4F3B-BB64-8B50B8958DEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*\", \"matchCriteriaId\": \"F648661E-BA18-41F9-A0A7-F9D5D7E2056B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*\", \"matchCriteriaId\": \"A88BDD68-3EDD-49F4-B656-EB03BF849664\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32912721-F750-4C20-B999-E728F7D3A85D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A95FA639-346C-491C-81A8-6C2A7B01AA19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC7DD938-F963-4E03-B66B-F00436E4EA9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2A0777F-22C2-4FD5-BE81-8982BE6874D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"600DDA9D-6440-48D1-8539-7127398A8678\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"934A869D-D58D-4C36-B86E-013F62790585\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACFA6611-99DA-48B0-89F7-DD99B8E30334\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59AF804B-BD7A-4AD7-AD44-B5D980443B8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5D52F86-2E38-4C66-9939-7603367B8D0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0557AA2A-FA3A-460A-8F03-DC74B149CA3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FC04ABF-6191-4AA5-90B2-E7A97E6C6005\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F22F1B02-CCF5-4770-A79B-1F58CA4321CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AE89894-E492-4380-8A2B-4CDD3A15667A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C6ED706-BAF2-4795-B597-6F7EE8CA8911\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"260E2CF6-4D15-4168-A933-3EC52D8F93FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D50BF190-2629-49A8-A377-4723C93FFB3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDD0A103-6D00-4D3D-9570-2DF74B6FE294\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33AC4365-576C-487A-89C5-197A26D416C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE848097-01E6-4C9B-9593-282D55CC77D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08E4028B-72E7-4E4A-AD0F-645F5AACAA29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63313ADA-3C52-47C8-9745-6BF6AEF0F6AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA646396-7C10-45A0-89A9-C75C5D8AFB3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3555324F-40F8-4BF4-BE5F-52A1E22B3AFA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades sin especificar en Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 permite a atacantes producir una denegaci\\u00f3n de servicio (ca\\u00edda de aplicaci\\u00f3n) o posiblemente ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de vectores desconocidos.\"}]",
      "id": "CVE-2009-3800",
      "lastModified": "2024-11-21T01:08:12.413",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2009-12-10T19:30:00.593",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://secunia.com/advisories/37584\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/37902\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://secunia.com/advisories/38241\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://securitytracker.com/id?1023306\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://securitytracker.com/id?1023307\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://support.apple.com/kb/HT4004\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb09-19.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-1657.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-1658.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/37199\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-343A.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/3456\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0173\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=543857\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/54636\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/37584\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/37902\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/38241\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1023306\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://securitytracker.com/id?1023307\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT4004\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb09-19.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-1657.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-1658.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/37199\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-343A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/3456\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0173\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=543857\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/54636\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "psirt@adobe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-3800\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2009-12-10T19:30:00.593\",\"lastModified\":\"2024-11-21T01:08:12.413\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades sin especificar en Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 permite a atacantes producir una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.2\",\"matchCriteriaId\":\"0A0CABFD-DFD2-4FF1-AC2A-712D9831AE36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97F0F4B8-A8AE-4AF2-8991-36DF5478AC90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F180F403-7032-497F-955B-0CB1D5CA3A74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51905ABB-C598-415F-9B6C-26963129352A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16E50A13-564F-4CE7-8335-B99B83AA0B86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.0.32.18\",\"matchCriteriaId\":\"6EBD1150-4225-46AC-AF3A-A981FF80EB49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDFF4A51-C936-4C5B-8276-FD454C9E4F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5ECC9D7-3386-4FEA-9218-91E31FF90F3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0E93289-6EE0-401A-958D-F59D2CDAE2F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A82D5B56-44E0-4120-B73E-0A1155AF4B05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E895107-ED8A-4F88-87C3-935EAE299C01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4007D621-A0BC-4927-82A7-10D73802BCF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"641776AE-5408-439E-8290-DD9324771874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"138A932A-D775-46A2-86EC-3C03C96884C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*\",\"matchCriteriaId\":\"9D344A18-4D7B-4B9C-8A8D-AE765FCA32C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:*\",\"matchCriteriaId\":\"1DAAAEA6-ED8F-496B-81B5-E8D3E3176287\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D12E3957-D7B2-4F3B-BB64-8B50B8958DEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*\",\"matchCriteriaId\":\"F648661E-BA18-41F9-A0A7-F9D5D7E2056B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*\",\"matchCriteriaId\":\"A88BDD68-3EDD-49F4-B656-EB03BF849664\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32912721-F750-4C20-B999-E728F7D3A85D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A95FA639-346C-491C-81A8-6C2A7B01AA19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC7DD938-F963-4E03-B66B-F00436E4EA9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A0777F-22C2-4FD5-BE81-8982BE6874D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"600DDA9D-6440-48D1-8539-7127398A8678\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"934A869D-D58D-4C36-B86E-013F62790585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACFA6611-99DA-48B0-89F7-DD99B8E30334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59AF804B-BD7A-4AD7-AD44-B5D980443B8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5D52F86-2E38-4C66-9939-7603367B8D0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0557AA2A-FA3A-460A-8F03-DC74B149CA3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FC04ABF-6191-4AA5-90B2-E7A97E6C6005\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F22F1B02-CCF5-4770-A79B-1F58CA4321CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AE89894-E492-4380-8A2B-4CDD3A15667A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C6ED706-BAF2-4795-B597-6F7EE8CA8911\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"260E2CF6-4D15-4168-A933-3EC52D8F93FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D50BF190-2629-49A8-A377-4723C93FFB3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDD0A103-6D00-4D3D-9570-2DF74B6FE294\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33AC4365-576C-487A-89C5-197A26D416C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE848097-01E6-4C9B-9593-282D55CC77D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08E4028B-72E7-4E4A-AD0F-645F5AACAA29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63313ADA-3C52-47C8-9745-6BF6AEF0F6AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA646396-7C10-45A0-89A9-C75C5D8AFB3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3555324F-40F8-4BF4-BE5F-52A1E22B3AFA\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://secunia.com/advisories/37584\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37902\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://secunia.com/advisories/38241\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://securitytracker.com/id?1023306\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://securitytracker.com/id?1023307\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://support.apple.com/kb/HT4004\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-19.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1657.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1658.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/37199\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-343A.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3456\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0173\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=543857\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/54636\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/37584\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37902\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38241\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1023306\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://securitytracker.com/id?1023307\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-19.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1657.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1658.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/37199\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-343A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0173\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=543857\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/54636\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

RHSA-2009:1658

Vulnerability from csaf_redhat

Published

2009-12-09 16:17

Modified

2024-11-14 10:47

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 Extras and 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 9.0.260.0.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 3 Extras and 4 Extras.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nMultiple security flaws were found in the way Flash Player displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npossibly, execute arbitrary code when the victim loaded a page containing\nthe specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796,\nCVE-2009-3798, CVE-2009-3799, CVE-2009-3800)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.260.0.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1658",
        "url": "https://access.redhat.com/errata/RHSA-2009:1658"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
      },
      {
        "category": "external",
        "summary": "543857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1658.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:47:37+00:00",
      "generator": {
        "date": "2024-11-14T10:47:37+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2009:1658",
      "initial_release_date": "2009-12-09T16:17:00+00:00",
      "revision_history": [
        {
          "date": "2009-12-09T16:17:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-12-09T11:17:28+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:47:37+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                  "product_id": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.260.0-1.el3.with.oss?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.260.0-1.el4.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.260.0-1.el4.i386",
                  "product_id": "flash-plugin-0:9.0.260.0-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.260.0-1.el4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-3794",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3794",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3796",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a \"data injection vulnerability.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3798",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3799",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to \"generation of ActionScript exception handlers.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3800",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    }
  ]
}

rhsa-2009_1657

Vulnerability from csaf_redhat

Published

2009-12-09 16:11

Modified

2024-11-14 10:47

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.0.42.34.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nMultiple security flaws were found in the way Flash Player displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npossibly, execute arbitrary code when the victim loaded a page containing\nthe specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796,\nCVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.42.34.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1657",
        "url": "https://access.redhat.com/errata/RHSA-2009:1657"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
      },
      {
        "category": "external",
        "summary": "543857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1657.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:47:33+00:00",
      "generator": {
        "date": "2024-11-14T10:47:33+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2009:1657",
      "initial_release_date": "2009-12-09T16:11:00+00:00",
      "revision_history": [
        {
          "date": "2009-12-09T16:11:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-12-09T11:12:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:47:33+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:10.0.42.34-1.el5.i386",
                "product": {
                  "name": "flash-plugin-0:10.0.42.34-1.el5.i386",
                  "product_id": "flash-plugin-0:10.0.42.34-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@10.0.42.34-1.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.42.34-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.42.34-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.42.34-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.42.34-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-3794",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3794",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3796",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a \"data injection vulnerability.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3797",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3797"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3797"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3797",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3797"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3798",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3799",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to \"generation of ActionScript exception handlers.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3800",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    }
  ]
}

rhsa-2009:1658

Vulnerability from csaf_redhat

Published

2009-12-09 16:17

Modified

2024-11-14 10:47

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 3 Extras and 4 Extras.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nMultiple security flaws were found in the way Flash Player displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npossibly, execute arbitrary code when the victim loaded a page containing\nthe specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796,\nCVE-2009-3798, CVE-2009-3799, CVE-2009-3800)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.260.0.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1658",
        "url": "https://access.redhat.com/errata/RHSA-2009:1658"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
      },
      {
        "category": "external",
        "summary": "543857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1658.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:47:37+00:00",
      "generator": {
        "date": "2024-11-14T10:47:37+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2009:1658",
      "initial_release_date": "2009-12-09T16:17:00+00:00",
      "revision_history": [
        {
          "date": "2009-12-09T16:17:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-12-09T11:17:28+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:47:37+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                  "product_id": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.260.0-1.el3.with.oss?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.260.0-1.el4.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.260.0-1.el4.i386",
                  "product_id": "flash-plugin-0:9.0.260.0-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.260.0-1.el4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-3794",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3794",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3796",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a \"data injection vulnerability.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3798",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3799",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to \"generation of ActionScript exception handlers.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3800",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    }
  ]
}

rhsa-2009_1658

Vulnerability from csaf_redhat

Published

2009-12-09 16:17

Modified

2024-11-14 10:47

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 3 Extras and 4 Extras.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nMultiple security flaws were found in the way Flash Player displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npossibly, execute arbitrary code when the victim loaded a page containing\nthe specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796,\nCVE-2009-3798, CVE-2009-3799, CVE-2009-3800)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.260.0.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1658",
        "url": "https://access.redhat.com/errata/RHSA-2009:1658"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
      },
      {
        "category": "external",
        "summary": "543857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1658.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:47:37+00:00",
      "generator": {
        "date": "2024-11-14T10:47:37+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2009:1658",
      "initial_release_date": "2009-12-09T16:17:00+00:00",
      "revision_history": [
        {
          "date": "2009-12-09T16:17:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-12-09T11:17:28+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:47:37+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                  "product_id": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.260.0-1.el3.with.oss?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.260.0-1.el4.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.260.0-1.el4.i386",
                  "product_id": "flash-plugin-0:9.0.260.0-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.260.0-1.el4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.260.0-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.260.0-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-3794",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3794",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3796",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a \"data injection vulnerability.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3798",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3799",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to \"generation of ActionScript exception handlers.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3800",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1658"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.260.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.260.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.260.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    }
  ]
}

rhsa-2009:1657

Vulnerability from csaf_redhat

Published

2009-12-09 16:11

Modified

2024-11-14 10:47

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.0.42.34.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nMultiple security flaws were found in the way Flash Player displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npossibly, execute arbitrary code when the victim loaded a page containing\nthe specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796,\nCVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.42.34.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1657",
        "url": "https://access.redhat.com/errata/RHSA-2009:1657"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
      },
      {
        "category": "external",
        "summary": "543857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1657.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:47:33+00:00",
      "generator": {
        "date": "2024-11-14T10:47:33+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2009:1657",
      "initial_release_date": "2009-12-09T16:11:00+00:00",
      "revision_history": [
        {
          "date": "2009-12-09T16:11:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-12-09T11:12:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:47:33+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:10.0.42.34-1.el5.i386",
                "product": {
                  "name": "flash-plugin-0:10.0.42.34-1.el5.i386",
                  "product_id": "flash-plugin-0:10.0.42.34-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@10.0.42.34-1.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.42.34-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.42.34-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.42.34-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.42.34-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-3794",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3794",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3796",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a \"data injection vulnerability.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3797",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3797"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3797"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3797",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3797"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3798",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3799",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to \"generation of ActionScript exception handlers.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3800",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    }
  ]
}

RHSA-2009:1657

Vulnerability from csaf_redhat

Published

2009-12-09 16:11

Modified

2024-11-14 10:47

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.0.42.34.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nMultiple security flaws were found in the way Flash Player displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npossibly, execute arbitrary code when the victim loaded a page containing\nthe specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796,\nCVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.42.34.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1657",
        "url": "https://access.redhat.com/errata/RHSA-2009:1657"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
      },
      {
        "category": "external",
        "summary": "543857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1657.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:47:33+00:00",
      "generator": {
        "date": "2024-11-14T10:47:33+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2009:1657",
      "initial_release_date": "2009-12-09T16:11:00+00:00",
      "revision_history": [
        {
          "date": "2009-12-09T16:11:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-12-09T11:12:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:47:33+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:10.0.42.34-1.el5.i386",
                "product": {
                  "name": "flash-plugin-0:10.0.42.34-1.el5.i386",
                  "product_id": "flash-plugin-0:10.0.42.34-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@10.0.42.34-1.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.42.34-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.42.34-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.42.34-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.42.34-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-3794",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3794",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3794"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3794"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3796",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a \"data injection vulnerability.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3796"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3796"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3797",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3797"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3797"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3797",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3797"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3798",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3798"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3798"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3799",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to \"generation of ActionScript exception handlers.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3799"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3799"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    },
    {
      "cve": "CVE-2009-3800",
      "discovery_date": "2009-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "543857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "RHBZ#543857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3800"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-12-09T16:11:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1657"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.42.34-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)"
    }
  ]
}

cve-2009-3800

Vulnerability from fkie_nvd

Published

2009-12-10 19:30

Modified

2024-11-21 01:08

Severity ?

Summary

References

URL	Tags
psirt@adobe.com	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
psirt@adobe.com	http://secunia.com/advisories/37584	Vendor Advisory
psirt@adobe.com	http://secunia.com/advisories/37902
psirt@adobe.com	http://secunia.com/advisories/38241
psirt@adobe.com	http://securitytracker.com/id?1023306	Patch
psirt@adobe.com	http://securitytracker.com/id?1023307	Patch
psirt@adobe.com	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
psirt@adobe.com	http://support.apple.com/kb/HT4004
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb09-19.html	Patch, Vendor Advisory
psirt@adobe.com	http://www.redhat.com/support/errata/RHSA-2009-1657.html	Patch
psirt@adobe.com	http://www.redhat.com/support/errata/RHSA-2009-1658.html	Patch
psirt@adobe.com	http://www.securityfocus.com/bid/37199
psirt@adobe.com	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	US Government Resource
psirt@adobe.com	http://www.vupen.com/english/advisories/2009/3456	Patch, Vendor Advisory
psirt@adobe.com	http://www.vupen.com/english/advisories/2010/0173
psirt@adobe.com	https://bugzilla.redhat.com/show_bug.cgi?id=543857	Patch
psirt@adobe.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/54636
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37584	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37902
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38241
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023306	Patch
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023307	Patch
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4004
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-19.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1657.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1658.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/37199
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3456	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0173
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=543857	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/54636
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613

Impacted products

Vendor	Product	Version
adobe	adobe_air	*
adobe	adobe_air	1.0
adobe	adobe_air	1.0.1
adobe	adobe_air	1.1
adobe	adobe_air	1.5.1
adobe	flash_player	*
adobe	flash_player	7.0
adobe	flash_player	7.0.1
adobe	flash_player	7.0.25
adobe	flash_player	7.0.63
adobe	flash_player	7.0.69.0
adobe	flash_player	7.0.70.0
adobe	flash_player	7.1
adobe	flash_player	7.1.1
adobe	flash_player	7.2
adobe	flash_player	8
adobe	flash_player	8
adobe	flash_player	8.0
adobe	flash_player	8.0
adobe	flash_player	8.0
adobe	flash_player	8.0.24.0
adobe	flash_player	8.0.34.0
adobe	flash_player	8.0.35.0
adobe	flash_player	8.0.39.0
adobe	flash_player	9.0
adobe	flash_player	9.0.16
adobe	flash_player	9.0.18d60
adobe	flash_player	9.0.20
adobe	flash_player	9.0.20.0
adobe	flash_player	9.0.28
adobe	flash_player	9.0.28.0
adobe	flash_player	9.0.31
adobe	flash_player	9.0.31.0
adobe	flash_player	9.0.45.0
adobe	flash_player	9.0.47.0
adobe	flash_player	9.0.112.0
adobe	flash_player	9.0.114.0
adobe	flash_player	9.0.115.0
adobe	flash_player	9.0.124.0
adobe	flash_player	9.0.155.0
adobe	flash_player	9.0.159.0
adobe	flash_player	9.125.0
adobe	flash_player	10.0.0.584
adobe	flash_player	10.0.12.10
adobe	flash_player	10.0.12.36
adobe	flash_player	10.0.22.87

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A0CABFD-DFD2-4FF1-AC2A-712D9831AE36",
              "versionEndIncluding": "1.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F0F4B8-A8AE-4AF2-8991-36DF5478AC90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F180F403-7032-497F-955B-0CB1D5CA3A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "51905ABB-C598-415F-9B6C-26963129352A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E50A13-564F-4CE7-8335-B99B83AA0B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBD1150-4225-46AC-AF3A-A981FF80EB49",
              "versionEndIncluding": "10.0.32.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*",
              "matchCriteriaId": "9D344A18-4D7B-4B9C-8A8D-AE765FCA32C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:*",
              "matchCriteriaId": "1DAAAEA6-ED8F-496B-81B5-E8D3E3176287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*",
              "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*",
              "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A0777F-22C2-4FD5-BE81-8982BE6874D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*",
              "matchCriteriaId": "600DDA9D-6440-48D1-8539-7127398A8678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5D52F86-2E38-4C66-9939-7603367B8D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDD0A103-6D00-4D3D-9570-2DF74B6FE294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33AC4365-576C-487A-89C5-197A26D416C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE848097-01E6-4C9B-9593-282D55CC77D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA646396-7C10-45A0-89A9-C75C5D8AFB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "3555324F-40F8-4BF4-BE5F-52A1E22B3AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades sin especificar en Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 permite a atacantes producir una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2009-3800",
  "lastModified": "2024-11-21T01:08:12.413",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-10T19:30:00.593",
  "references": [
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37584"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://secunia.com/advisories/37902"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://secunia.com/advisories/38241"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1023306"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1023307"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/bid/37199"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3456"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.vupen.com/english/advisories/2010/0173"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54636"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1023306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1023307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-m4pf-7wg7-pxj3

Vulnerability from github

Published

2022-05-02 03:48

Modified

2022-05-02 03:48

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3800"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-12-10T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
  "id": "GHSA-m4pf-7wg7-pxj3",
  "modified": "2022-05-02T03:48:33Z",
  "published": "2022-05-02T03:48:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3800"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54636"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37584"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37902"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38241"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023306"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023307"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/37199"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3456"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0173"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2009-3800

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-3800

Aliases

CVE-2009-3800

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-3800",
    "description": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
    "id": "GSD-2009-3800",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-3800.html",
      "https://access.redhat.com/errata/RHSA-2009:1658",
      "https://access.redhat.com/errata/RHSA-2009:1657"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-3800"
      ],
      "details": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.",
      "id": "GSD-2009-3800",
      "modified": "2023-12-13T01:19:48.846685Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2009-3800",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2009:1657",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
          },
          {
            "name": "1023307",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1023307"
          },
          {
            "name": "flash-air-multiple-code-execution(54636)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54636"
          },
          {
            "name": "http://support.apple.com/kb/HT4004",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4004"
          },
          {
            "name": "1021716",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
          },
          {
            "name": "APPLE-SA-2010-01-19-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
          },
          {
            "name": "ADV-2009-3456",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3456"
          },
          {
            "name": "SUSE-SA:2009:062",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=543857",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
          },
          {
            "name": "37584",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37584"
          },
          {
            "name": "37902",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37902"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
          },
          {
            "name": "1023306",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1023306"
          },
          {
            "name": "oval:org.mitre.oval:def:8613",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613"
          },
          {
            "name": "RHSA-2009:1658",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
          },
          {
            "name": "oval:org.mitre.oval:def:16054",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054"
          },
          {
            "name": "TA09-343A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
          },
          {
            "name": "38241",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38241"
          },
          {
            "name": "37199",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/37199"
          },
          {
            "name": "oval:org.mitre.oval:def:6972",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972"
          },
          {
            "name": "ADV-2010-0173",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0173"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.0.32.18",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2009-3800"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2009:1658",
              "refsource": "REDHAT",
              "tags": [
                "Patch"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
            },
            {
              "name": "37199",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/37199"
            },
            {
              "name": "37584",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/37584"
            },
            {
              "name": "RHSA-2009:1657",
              "refsource": "REDHAT",
              "tags": [
                "Patch"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
            },
            {
              "name": "ADV-2009-3456",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3456"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=543857",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
            },
            {
              "name": "TA09-343A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
            },
            {
              "name": "1023306",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1023306"
            },
            {
              "name": "1023307",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1023307"
            },
            {
              "name": "SUSE-SA:2009:062",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
            },
            {
              "name": "37902",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37902"
            },
            {
              "name": "http://support.apple.com/kb/HT4004",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4004"
            },
            {
              "name": "APPLE-SA-2010-01-19-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
            },
            {
              "name": "ADV-2010-0173",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0173"
            },
            {
              "name": "38241",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38241"
            },
            {
              "name": "1021716",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
            },
            {
              "name": "flash-air-multiple-code-execution(54636)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54636"
            },
            {
              "name": "oval:org.mitre.oval:def:8613",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613"
            },
            {
              "name": "oval:org.mitre.oval:def:6972",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972"
            },
            {
              "name": "oval:org.mitre.oval:def:16054",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2009-12-10T19:30Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from cvelistv5

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from fkie_nvd

Vulnerability from github

Vulnerability from gsd

Tags

Sightings

Nomenclature