Adobe AIR Memory Corruption Errors Lets Remote Users Execute Arbitrary Code - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Multimedia) > Adobe AIR

Vendors: Adobe Systems Incorporated

Adobe AIR Memory Corruption Errors Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1023306

SecurityTracker URL: http://securitytracker.com/id/1023306

CVE Reference: CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800 (Links to External Site)

Date: Dec 9 2009

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 1.5.2 and prior versions

Description: Several vulnerabilities were reported in Adobe AIR. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted JPEG file that, when loaded by the target user, will execute arbitrary code on the target system [CVE-2009-3794]. The code will run with the privileges of the target user.

A remote user can create Flash content that, when loaded by the target user, will execute arbitrary code on the target system [CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, and CVE-2009-3800].

Jim Cheng of EffectiveUI, Bing Liu of Fortinet's FortiGuard Labs, an anonymous researcher via TippingPoint, Damian Put via TippingPoint, and Will Dormann of CERT reported these vulnerabilities.

Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: The vendor has issued a fix (1.5.3).

The vendor's advisory is available at:

http://www.adobe.com/support/security/bulletins/apsb09-19.html

Vendor URL: www.adobe.com/support/security/bulletins/apsb09-19.html (Links to External Site)

Cause: Access control error

Underlying OS: Linux (Any), UNIX (OS X), Windows (Any)

Message History: None.

Source Message Contents

Date: Wed, 09 Dec 2009 04:22:01 +0000
Subject: Adobe Air


http://www.adobe.com/support/security/bulletins/apsb09-19.html

APSB09-19

CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800, CVE-2009-3951

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC