CVE-2009-1870

medium

Description

Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."

References

http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

http://osvdb.org/56778

http://secunia.com/advisories/36193

http://secunia.com/advisories/36374

http://secunia.com/advisories/36701

http://security.gentoo.org/glsa/glsa-200908-04.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1

http://support.apple.com/kb/HT3864

http://support.apple.com/kb/HT3865

http://www.adobe.com/support/security/bulletins/apsb09-10.html

http://www.adobe.com/support/security/bulletins/apsb09-13.html

http://www.securityfocus.com/bid/35890

http://www.securityfocus.com/bid/35908

http://www.securitytracker.com/id?1022629

http://www.vupen.com/english/advisories/2009/2086

https://exchange.xforce.ibmcloud.com/vulnerabilities/52180

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648

Details

Source: MITRE

Published: 2009-07-31

Updated: 2017-09-29

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM