CVE-2009-3794
published 2009-12-10


Priority: P347 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 11.56% (95.5th percentile)
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.

Affected

43 ranges · showing 25

Vendor  Product        Version range   Fixed in
adobe   adobe_air      <= 1.5.2
adobe   adobe_air
adobe   adobe_air
adobe   adobe_air
adobe   adobe_air
adobe   flash_player   <= 10.0.32.18
adobe   flash_player
adobe   flash_player
adobe   flash_player
adobe   flash_player
adobe   flash_player
adobe   flash_player
adobe   flash_player
adobe   flash_player
adobe   flash_player
adobe   flash_player
adobe   flash_player
adobe   flash_player
adobe   flash_player
adobe   flash_player
adobe   flash_player
adobe   flash_player
adobe   flash_player
adobe   flash_player
adobe   flash_player

CVSS provenance

nvd            v2.0  9.3  CRITICAL  AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat        9.3  CRITICAL