CVE-2009-1867

CWE-595 documents5 sources
Severity
4.3MEDIUM
EPSS
1.0%
top 23.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Adobe AIRAdobe Flash PlayerAdobe Flex
Timeline
PublishedJul 31
Latest updateMay 2

Description

Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

NVDadobe/flash_player10.0.22.87+30
NVDadobe/air1.5.1+4
NVDadobe/flex3.0

Patches

Patch: www.adobe.comPatch: www.vupen.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-r26x-f2vh-qpgr: Adobe Flash Player before 92022-05-02
CVEList
CVE-2009-1867: Adobe Flash Player before 92009-07-31

📋Vendor Advisories

1
Red Hat
flash-plugin: multiple information disclosure flaws (APSB09-10)2009-07-30

💬Community

1
Bugzilla
flash-plugin: multiple information disclosure flaws (APSB09-10)2009-07-31
CVE-2009-1867 (MEDIUM CVSS 4.3) | Adobe Flash Player before 9.0.246.0 | cvebase.io