CVE-2009-3951
Last modified
CVE-2009-3951 is a vulnerability of currently unknown severity. Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.. EPSS estimates a 3.81% chance of exploitation in the next 30 days.
Description
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Adobe Air | <= 1.5.2 |
| Adobe | Adobe Air | 1.0 |
| Adobe | Adobe Air | 1.0.1 |
| Adobe | Adobe Air | 1.1 |
| Adobe | Adobe Air | 1.5.1 |
| Adobe | Flash Player | <= 10.0.32.18 |
| Adobe | Flash Player | 7.0 |
| Adobe | Flash Player | 7.0.1 |
| Adobe | Flash Player | 7.0.25 |
| Adobe | Flash Player | 7.0.63 |
| Adobe | Flash Player | 7.0.69.0 |
| Adobe | Flash Player | 7.0.70.0 |
| Adobe | Flash Player | 7.1 |
| Adobe | Flash Player | 7.1.1 |
| Adobe | Flash Player | 7.2 |
| Adobe | Flash Player | 8 |
| Adobe | Flash Player | 8.0 |
| Adobe | Flash Player | 8.0.24.0 |
| Adobe | Flash Player | 8.0.34.0 |
| Adobe | Flash Player | 8.0.35.0 |
| Adobe | Flash Player | 8.0.39.0 |
| Adobe | Flash Player | 9.0 |
| Adobe | Flash Player | 9.0.16 |
| Adobe | Flash Player | 9.0.18d60 |
| Adobe | Flash Player | 9.0.20 |
| Adobe | Flash Player | 9.0.20.0 |
| Adobe | Flash Player | 9.0.28 |
| Adobe | Flash Player | 9.0.28.0 |
| Adobe | Flash Player | 9.0.31 |
| Adobe | Flash Player | 9.0.31.0 |
| Adobe | Flash Player | 9.0.45.0 |
| Adobe | Flash Player | 9.0.47.0 |
| Adobe | Flash Player | 9.0.48.0 |
| Adobe | Flash Player | 9.0.112.0 |
| Adobe | Flash Player | 9.0.114.0 |
| Adobe | Flash Player | 9.0.115.0 |
| Adobe | Flash Player | 9.0.124.0 |
| Adobe | Flash Player | 9.0.155.0 |
| Adobe | Flash Player | 9.0.159.0 |
| Adobe | Flash Player | 9.125.0 |
| Adobe | Flash Player | 10.0.0.584 |
| Adobe | Flash Player | 10.0.12.10 |
| Adobe | Flash Player | 10.0.12.36 |
| Adobe | Flash Player | 10.0.22.87 |
References
- http://secunia.com/advisories/37584Vendor Advisory
- http://www.adobe.com/support/security/bulletins/apsb09-19.htmlPatch, Vendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA09-343A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2009/3456Patch, Vendor Advisory
- http://secunia.com/advisories/37584Vendor Advisory
- http://www.adobe.com/support/security/bulletins/apsb09-19.htmlPatch, Vendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA09-343A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2009/3456Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-3951?
How severe is CVE-2009-3951?
How do I fix CVE-2009-3951?
Are you affected by CVE-2009-3951?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST