8.2 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.537 Medium
EPSS
Percentile
97.5%
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
CPE | Name | Operator | Version |
---|---|---|---|
adobe_air | eq | 1.0 | |
adobe_air | eq | 1.5.1 | |
adobe_air | le | 1.5.2 | |
adobe_air | eq | 1.0.1 | |
adobe_air | eq | 1.1 | |
flash_player | eq | 9.125.0 | |
flash_player | eq | 8.0.24.0 | |
flash_player | eq | 9.0.18-d60 | |
flash_player | eq | 7.1.1 | |
flash_player | eq | 9.0.124.0 |
lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
osvdb.org/60885
secunia.com/advisories/37584
secunia.com/advisories/37902
secunia.com/advisories/38241
securitytracker.com/id?1023306
securitytracker.com/id?1023307
sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
support.apple.com/kb/HT4004
www.adobe.com/support/security/bulletins/apsb09-19.html
www.redhat.com/support/errata/RHSA-2009-1657.html
www.redhat.com/support/errata/RHSA-2009-1658.html
www.securityfocus.com/archive/1/508336/100/0/threaded
www.securityfocus.com/bid/37199
www.us-cert.gov/cas/techalerts/TA09-343A.html
www.vupen.com/english/advisories/2009/3456
www.vupen.com/english/advisories/2010/0173
zerodayinitiative.com/advisories/ZDI-09-092/
bugzilla.redhat.com/show_bug.cgi?id=543857
exchange.xforce.ibmcloud.com/vulnerabilities/54631
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686