CVE-2009-1870

CWE-200Information Exposure4 documents4 sources
Severity
4.9MEDIUM
EPSS
0.2%
top 59.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Adobe AIRAdobe Flash PlayerAdobe Flex
Timeline
PublishedJul 31
Latest updateMay 2

Description

Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."

CVSS vector

AV:L/AC:L/C:C/I:N/A:NExploitability: 3.9 | Impact: 6.9

Affected Packages3 packages

NVDadobe/flash_player10.0.22.87+30
NVDadobe/air1.5.1+4
NVDadobe/flex3.0

Patches

Patch: www.adobe.comPatch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-qwmj-9j79-8g4m: Adobe Flash Player before 92022-05-02
CVEList
CVE-2009-1870: Adobe Flash Player before 92009-07-31

📋Vendor Advisories

1
Red Hat
flash-plugin: multiple information disclosure flaws (APSB09-10)2009-07-30
CVE-2009-1870 (MEDIUM CVSS 4.9) | Adobe Flash Player before 9.0.246.0 | cvebase.io