Lucene search
RootSSV:15052HistoryDec 12, 2009 - 12:00 a.m.
Adobe Flash Player JPEG解析堆溢出漏洞
2009-12-1200:00:00
Root
www.seebug.org
20
0.57 Medium
EPSS
Percentile
97.4%
BUGTRAQ ID: 37266
CVE ID: CVE-2009-3794
Flash Player是一款非常流行的FLASH播放器。
Flash Player在解析SWF文件中所包含的JPEG维度时计算图形的帧大小缺少过滤检查,用户受骗打开恶意的JPEG图形就可以触发堆溢出,导致执行任意代码。
Adobe Flash Player 10.x
Adobe AIR 1.5.2
厂商补丁:
Adobe
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://get.adobe.com/flashplayer/
http://get.adobe.com/air/
RedHat
RedHat已经为此发布了一个安全公告(RHSA-2009:1658-01)以及相应补丁:
RHSA-2009:1658-01:Critical: flash-plugin security update
链接:https://www.redhat.com/support/errata/RHSA-2009-1658.html
Related
cve
cve
CVE-2009-3794
2009-12-10 19:30:00
prion
prion
Heap overflow
2009-12-10 19:30:00
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability
2009-12-09 00:00:00
Adobe Flash Player multiple security vulnerabilities
2009-12-09 00:00:00
zdi
zdi
Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability
2009-12-09 00:00:00
ubuntucve
ubuntucve
CVE-2009-3794
2009-12-10 00:00:00
redhat
redhat
(RHSA-2009:1658) Critical: flash-plugin security update
2009-12-09 00:00:00
(RHSA-2009:1657) Critical: flash-plugin security update
2009-12-09 00:00:00
nessus
nessus
RHEL 3 / 4 : flash-plugin (RHSA-2009:1658)
2013-01-24 00:00:00
GLSA-201001-02 : Adobe Flash Player: Multiple vulnerabilities
2010-02-25 00:00:00
Adobe AIR < 1.5.3 Multiple Vulnerabilities (APSB09-19)
2009-12-09 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201001-02 (adobe-flash)
2010-01-07 00:00:00
Gentoo Security Advisory GLSA 201001-02 (adobe-flash)
2010-01-07 00:00:00
RedHat Security Advisory RHSA-2009:1658
2009-12-14 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2010-01-03 00:00:00
suse
suse
remote code execution in flash-player
2009-12-22 15:16:01
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2009-07-14 00:00:00
threatpost
threatpost
Adobe Zaps Dangerous Flash Player Bugs
2009-12-09 03:23:00