CVE-2009-3796 — Code Injection in Adobe AIR

CWE-94 — Code Injection10 documents5 sources

Severity

9.3CRITICALNVD

EPSS

2.9%

top 13.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

2

Adobe AIR Adobe Flash Player

Timeline

PublishedDec 10

Latest updateMay 2

Description

Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDadobe/flash_player10.0.32.18+37

▶NVDadobe/adobe_air1.5.2+4

Patches

Patch: securitytracker.com ↗Patch: securitytracker.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-49c9-9c2p-h2gm: Adobe Flash Player before 10↗2022-05-02

▶

CVEList

CVE-2009-3796: Adobe Flash Player before 10↗2009-12-10

▶

📋Vendor Advisories

6

Red Hat

flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)↗2009-12-08

▶

Red Hat

flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)↗2009-12-08

▶

Red Hat

flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)↗2009-12-08

▶

Red Hat

flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)↗2009-12-08

▶

Red Hat

flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)↗2009-12-08

▶

💬Community

1

Bugzilla

flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)↗2009-12-03

▶

CVE-2009-3796 — Code Injection in Adobe AIR | cvebase