CVE-2009-3951Sensitive Information Exposure in Adobe AIR

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
7.1HIGHNVD
EPSS
6.9%
top 8.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AIRAdobe Flash Player
Timeline
PublishedDec 10
Latest updateMay 2

Description

Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.

CVSS vector

AV:N/AC:M/C:C/I:N/A:NExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

NVDadobe/flash_player10.0.32.18+38
NVDadobe/adobe_air1.5.2+4

Patches

Patch: securitytracker.comPatch: www.adobe.comPatch: www.vupen.com

🔴Vulnerability Details

2
GHSA
GHSA-jw8f-j76p-rv4j: Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 102022-05-02
CVEList
CVE-2009-3951: Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 102009-12-10
CVE-2009-3951 — Sensitive Information Exposure in Adobe | cvebase