Adobe Flash Player and Air data code execution (FlashAirDataCodeExecution)

Vuln ID: 54632
Risk Level: High
Platforms: Sun Solaris: x86, Gentoo Linux, Turbolinux Turbolinux: 10 Server, Sun Solaris: 10 SPARC, RedHat RHEL Extras: 3, RedHat RHEL Extras: 4, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, Adobe Flash Player: 9.0.28, Adobe Flash Player: 7.0.70.0, Adobe Flash Player: 8.0.34.0, Adobe Flash Player: 8.0.35.0, Adobe Flash Player: 9.0.45.0, Adobe Flash Player: 9.0.47.0, Adobe Flash Player: 9.0.48.0, Adobe Flash Player: 7.0.69.0, Adobe Flash Player: 9.0.115.0, Adobe Flash Player: 8.0, Adobe Flash Player: 9.0.16, Adobe Flash Player: 9.0.20.0, Adobe Flash Player: 9.0.28.0, Adobe Flash Player: 9.0.31.0, Adobe Flash Player: 7.0, Adobe Flash Player: 7.0.1, Adobe Flash Player: 7.0.25, Adobe Flash Player: 7.0.63, Adobe Flash Player: 7.1, Adobe Flash Player: 7.1.1, Adobe Flash Player: 7.2, Adobe Flash Player: 8.0.24.0, Adobe Flash Player: 9.0.114.0, Adobe Flash Player: 9.0.20, Adobe Flash Player: 9.0.124.0, Adobe Flash Player: 8.0.39.0, Novell OpenSUSE: 11.0, Adobe Flash Player: 9.0.112.0, Adobe Flash Player: 10.0.12.10, Adobe Flash Player: 10.0.0.584, Adobe Flash Player: 10.0.12.36, Adobe AIR: 1.5, Adobe Flash Player: 7.0.63 Linux, Adobe Flash Player: 8.0 Basic, Adobe Flash Player: 8.0 Pro, Adobe AIR: 1.5.1, Adobe Flash Player: 10.0.22.87, Apple Mac OS X: 10.5.8, Apple Mac OS X Server: 10.5.8, Apple Mac OS X Server: 10.6.2, Apple Mac OS X: 10.6.2, Adobe AIR: 1.5.2, Adobe Flash Player: 10.0.32.18, RedHat Red Hat Enterprise Linux: 4.8.z Extras, RedHat RHEL Supplementary: 5.4.z EUS, Turbolinux Client: 2008
Description:

Adobe Flash Player and AIR could allow a remote attacker to execute arbitrary code on the system, caused by an unspecified data injection error. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

Remedy:

Refer to APSB09-19 for patch, upgrade or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

APSB09-19
Security updates available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb09-19.html

Sun Alert ID: 274250
Multiple Security Vulnerabilities in the Adobe Flash Player for Solaris May Lead to a Denial of Service (DoS) or Arbitrary Code Execution (Adobe Security Bulletin APSB09-19)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274250-1

Apple Web site
About Security Update 2010-001
http://support.apple.com/kb/HT4004

ISS X-Force
Adobe Flash Player and Air data code execution
http://www.iss.net/security_center/static/54632.php

CVE CVE-2009-3796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3796

