CVE-2009-3951 Details

Published: 2009-12-10
Last Modified: 2018-10-30
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org

Summary

Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.

Analysis

Common Vulnerability Score System v2.0

Severity: High
Base Score: 7.1/10
Exploit Score: 8.6/10
Access Vector: Network
Access Complexity: Medium
Authentication: None
Impact Score: 6.9/10
Confidentiality Impact: Complete
Availability Impact: None
Integrity Impact: None
Vector String: AV:N/AC:M/Au:N/C:C/I:N/A:N

Common Vulnerability Score System v3.1

NIST has not assigned a CVSSv3.1 Score.

Products Reported
CPE Vulnerable Start Excluding
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* No - -
cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* Yes - -

References

http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
http://osvdb.org/60891
http://secunia.com/advisories/37584
http://secunia.com/advisories/37902
http://secunia.com/advisories/38241
http://securitytracker.com/id?1023307
http://support.apple.com/kb/HT4004
http://www.adobe.com/support/security/bulletins/apsb09-19.html
http://www.securityfocus.com/bid/37199
http://www.us-cert.gov/cas/techalerts/TA09-343A.html
http://www.vupen.com/english/advisories/2009/3456
http://www.vupen.com/english/advisories/2010/0173
https://exchange.xforce.ibmcloud.com/vulnerabilities/54637
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6663

PCI Compliance: Fail
US-CERT Alert: No
CWE: CWE-200
