CVE-2009-3951

2009-12-1019:30:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2009-3951

flash player

adobe

vulnerability

remote attackers

local files

6.2 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.009 Low

EPSS

Percentile

82.8%

JSON

Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.

CPENameOperatorVersion
adobe:adobe_airadobe adobe airle1.5.2
adobe:adobe_airadobe adobe aireq1.0
adobe:adobe_airadobe adobe aireq1.0.1
adobe:adobe_airadobe adobe aireq1.1
adobe:adobe_airadobe adobe aireq1.5.1
adobe:flash_playeradobe flash playerle10.0.32.18
adobe:flash_playeradobe flash playereq7.0
adobe:flash_playeradobe flash playereq7.0.1
adobe:flash_playeradobe flash playereq7.0.25
adobe:flash_playeradobe flash playereq7.0.63

CPE	Name	Operator	Version
adobe:adobe_air	adobe adobe air	le	1.5.2
adobe:adobe_air	adobe adobe air	eq	1.0
adobe:adobe_air	adobe adobe air	eq	1.0.1
adobe:adobe_air	adobe adobe air	eq	1.1
adobe:adobe_air	adobe adobe air	eq	1.5.1
adobe:flash_player	adobe flash player	le	10.0.32.18
adobe:flash_player	adobe flash player	eq	7.0
adobe:flash_player	adobe flash player	eq	7.0.1
adobe:flash_player	adobe flash player	eq	7.0.25
adobe:flash_player	adobe flash player	eq	7.0.63