CVE-2009-3951

Description

Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.

Affected products

• Adobe / adobe_air1.5.2
• Adobe / adobe_air1.0 – 1.0
• Adobe / adobe_air1.0.1 – 1.0.1
• Adobe / adobe_air1.1 – 1.1
• Adobe / adobe_air1.5.1 – 1.5.1
• Adobe / Flash Player10.0.32.18
• Adobe / Flash Player7.0 – 7.0
• Adobe / Flash Player7.0.1 – 7.0.1
• Adobe / Flash Player7.0.25 – 7.0.25
• Adobe / Flash Player7.0.63 – 7.0.63
• Adobe / Flash Player7.0.69.0 – 7.0.69.0
• Adobe / Flash Player7.0.70.0 – 7.0.70.0
• Adobe / Flash Player7.1 – 7.1
• Adobe / Flash Player7.1.1 – 7.1.1
• Adobe / Flash Player7.2 – 7.2
• Adobe / Flash Player8 – 8
• Adobe / Flash Player8 – 8
• Adobe / Flash Player8.0 – 8.0
• Adobe / Flash Player8.0 – 8.0
• Adobe / Flash Player8.0 – 8.0
• Adobe / Flash Player8.0.24.0 – 8.0.24.0
• Adobe / Flash Player8.0.34.0 – 8.0.34.0
• Adobe / Flash Player8.0.35.0 – 8.0.35.0
• Adobe / Flash Player8.0.39.0 – 8.0.39.0
• Adobe / Flash Player9.0 – 9.0
• Adobe / Flash Player9.0.16 – 9.0.16
• Adobe / Flash Player9.0.18d60 – 9.0.18d60
• Adobe / Flash Player9.0.20 – 9.0.20
• Adobe / Flash Player9.0.20.0 – 9.0.20.0
• Adobe / Flash Player9.0.28 – 9.0.28
• Adobe / Flash Player9.0.28.0 – 9.0.28.0
• Adobe / Flash Player9.0.31 – 9.0.31
• Adobe / Flash Player9.0.31.0 – 9.0.31.0
• Adobe / Flash Player9.0.45.0 – 9.0.45.0
• Adobe / Flash Player9.0.47.0 – 9.0.47.0
• Adobe / Flash Player9.0.48.0 – 9.0.48.0
• Adobe / Flash Player9.0.112.0 – 9.0.112.0
• Adobe / Flash Player9.0.114.0 – 9.0.114.0
• Adobe / Flash Player9.0.115.0 – 9.0.115.0
• Adobe / Flash Player9.0.124.0 – 9.0.124.0
• Adobe / Flash Player9.0.155.0 – 9.0.155.0
• Adobe / Flash Player9.0.159.0 – 9.0.159.0
• Adobe / Flash Player9.125.0 – 9.125.0
• Adobe / Flash Player10.0.0.584 – 10.0.0.584
• Adobe / Flash Player10.0.12.10 – 10.0.12.10
• Adobe / Flash Player10.0.12.36 – 10.0.12.36
• Adobe / Flash Player10.0.22.87 – 10.0.22.87

References

• MISChttp://securitytracker.com/id?1023307
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6663
• VENDOR_ADVISORYhttp://support.apple.com/kb/HT4004
• MAILING_LISThttp://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/3456
• MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/37584
• VENDOR_ADVISORYhttp://secunia.com/advisories/37902
• VENDOR_ADVISORYhttp://www.adobe.com/support/security/bulletins/apsb09-19.html
• MISChttp://osvdb.org/60891
• MISChttp://www.us-cert.gov/cas/techalerts/TA09-343A.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/38241
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/54637
• MISChttp://www.securityfocus.com/bid/37199
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/0173