Info

Disclosure

Dec 08, 2009

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Dec 08, 2009

Description

Classification

Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Disclosure: Vendor Verified

Solution

Upgrade Flash Player to version 10.0.32.18 or higher and AIR to version 1.5.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

Security Tracker: 1023306 1023307
CVE ID: 2009-3797 (see also: NVD)
Bugtraq ID: 37199
Secunia Advisory ID: 37584 37678 37725 37902 38102 38241
ISS X-Force ID: 54633
Related OSVDB ID: 60885 60886 60888 60889 60890 60891
VUPEN Advisory: ADV-2009-3456
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0201.html
News Article: http://blogs.zdnet.com/security/?p=5104
Vendor Specific News/Changelog Entry: http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
https://bugzilla.redhat.com/show_bug.cgi?id=543857
Other Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-274250-1
http://www.fortiguard.com/advisory/FGA-2009-46.html
http://www.fortinet.com/press_releases/080507.html
Vendor Specific Advisory URL: http://support.apple.com/kb/HT4004
http://www.adobe.com/support/security/bulletins/apsb09-19.html
http://www.gentoo.org/security/en/glsa/glsa-201001-02.xml
RedHat RHSA: https://rhn.redhat.com/errata/RHSA-2009-1657.html
RHSA-2009:1657
CERT: TA09-343A

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/60887