製品・ソフトウェアに関する情報

JVN脆弱性詳細

Adobe Flash Player および Adobe AIR における任意のコードを実行される脆弱性

Title	Adobe Flash Player および Adobe AIR における任意のコードを実行される脆弱性
Summary	Adobe Flash Player および Adobe AIR には、サービス運用妨害 (DoS) 状態にされる、または任意のコードを実行される脆弱性が存在します。
Possible impacts	攻撃者により、サービス運用妨害 (DoS) 状態にされる、または任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 8, 2009, midnight
Registration Date	Jan. 19, 2010, 3:54 p.m.
Last Update	Feb. 10, 2010, 1:36 p.m.

CVSS2.0 : 危険
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected System

サン・マイクロシステムズ

OpenSolaris (sparc)

OpenSolaris (x86)

Sun Solaris 10 (sparc)

Sun Solaris 10 (x86)

レッドハット

Red Hat Enterprise Linux Extras 3 extras

Red Hat Enterprise Linux Extras 4 extras

Red Hat Enterprise Linux Extras 4.8.z extras

RHEL Desktop Supplementary 5 (client)

RHEL Supplementary 5 (server)

RHEL Supplementary EUS 5.4.z (server)

アドビシステムズ

Adobe AIR 1.5.2 およびそれ以前

Adobe Flash Player 10.0.32.18 およびそれ以前

アップル

Apple Mac OS X v10.5.8

Apple Mac OS X v10.6.2

Apple Mac OS X Server v10.5.8

Apple Mac OS X Server v10.6.2

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-3800	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3800
National Vulnerability Database (NVD)
2	CVE-2009-3800	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3800

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Adobe Security Bulletin
1	APSB09-19	http://www.adobe.com/support/security/bulletins/apsb09-19.html
Adobe セキュリティ情報
2	APSB09-19	http://www.adobe.com/jp/support/security/bulletins/apsb09-19.html
Apple Security Updates
3	HT4004	http://support.apple.com/kb/HT4004
Apple セキュリティアップデート
4	HT4004	http://support.apple.com/kb/HT4004?viewlocale=ja_JP
Red Hat Security Advisory
5	RHSA-2009:1657	https://rhn.redhat.com/errata/RHSA-2009-1657.html
6	RHSA-2009:1658	https://rhn.redhat.com/errata/RHSA-2009-1658.html
Sun Alert Notification
7	274250	http://sunsolve.sun.com/search/document.do?assetkey=1-66-274250-1
レッドハットセキュリティーアップデート
8	RHSA-2009:1657	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1657J.html

その他

No	Name	URL
ISS X-Force Database
1	54636	http://xforce.iss.net/xforce/xfdb/54636
JPCERT 緊急報告
2	JPCERT-AT-2009-0026	http://www.jpcert.or.jp/at/2009/at090026.txt
JVN
3	JVNTA09-343A	http://jvn.jp/cert/JVNTA09-343A/
JVN Status Tracking Notes
4	JVNTR-2009-28	http://jvn.jp/tr/JVNTR-2009-28/index.html
Secunia Advisory
5	SA37584	http://secunia.com/advisories/37584
SecurityFocus
6	37269	http://www.securityfocus.com/bid/37269
SecurityTracker
7	1023306	http://securitytracker.com/id?1023306
8	1023307	http://securitytracker.com/id?1023307
US-CERT Cyber Security Alerts
9	SA09-343A	http://www.us-cert.gov/cas/alerts/SA09-343A.html
US-CERT Technical Cyber Security Alert
10	TA09-343A	http://www.us-cert.gov/cas/techalerts/TA09-343A.html
VUPEN Security
11	VUPEN/ADV-2009-3456	http://www.vupen.com/english/advisories/2009/3456
警察庁 @police
12	アドビシステムズ社の Adobe Flash Player および Adobe AIR のセキュリティ修正プログラムについて	http://www.npa.go.jp/cyberpolice/#topics

Change Log

No	Changed Details	Date of change
0	[2010年01月19日] 掲載 [2010年02月10日] 影響を受けるシステム：アップル (HT4004) の情報を追加ベンダ情報：アップル (HT4004) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2009-3800

Summary	Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
Publication Date	Dec. 11, 2009, 4:30 a.m.
Registration Date	Jan. 29, 2021, 1:24 p.m.
Last Update	Oct. 31, 2018, 1:26 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:adobe:adobe_air:1.0:::::::*
cpe:2.3:a:adobe:adobe_air:1.0.1:::::::*
cpe:2.3:a:adobe:adobe_air:1.1:::::::*
cpe:2.3:a:adobe:adobe_air:1.5.1:::::::*
cpe:2.3:a:adobe:adobe_air::::::::		1.5.2
cpe:2.3:a:adobe:flash_player:7.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.1:::::::*
cpe:2.3:a:adobe:flash_player:7.0.25:::::::*
cpe:2.3:a:adobe:flash_player:7.0.63:::::::*
cpe:2.3:a:adobe:flash_player:7.0.69.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.70.0:::::::*
cpe:2.3:a:adobe:flash_player:7.1:::::::*
cpe:2.3:a:adobe:flash_player:7.1.1:::::::*
cpe:2.3:a:adobe:flash_player:7.2:::::::*
cpe:2.3:a:adobe:flash_player:8::pro:::::
cpe:2.3:a:adobe:flash_player:8::professional:::::
cpe:2.3:a:adobe:flash_player:8.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0::basic:::::
cpe:2.3:a:adobe:flash_player:8.0::pro:::::
cpe:2.3:a:adobe:flash_player:8.0.24.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.34.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.35.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.39.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.16:::::::*
cpe:2.3:a:adobe:flash_player:9.0.18d60:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.45.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.47.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.112.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.114.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.115.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.124.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.155.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.159.0:::::::*
cpe:2.3:a:adobe:flash_player:9.125.0:::::::*
cpe:2.3:a:adobe:flash_player:10.0.0.584:::::::*
cpe:2.3:a:adobe:flash_player:10.0.12.10:::::::*
cpe:2.3:a:adobe:flash_player:10.0.12.36:::::::*
cpe:2.3:a:adobe:flash_player:10.0.22.87:::::::*
cpe:2.3:a:adobe:flash_player::::::::		10.0.32.18

Related information, measures and tools

No	URL	refsource	タグ
1	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html	APPLE
2	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html	SUSE
3	http://secunia.com/advisories/37584	SECUNIA	Vendor Advisory
4	http://secunia.com/advisories/37902	SECUNIA
5	http://secunia.com/advisories/38241	SECUNIA
6	http://securitytracker.com/id?1023306	SECTRACK	Patch
7	http://securitytracker.com/id?1023307	SECTRACK	Patch
8	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1	SUNALERT
9	http://support.apple.com/kb/HT4004	CONFIRM
10	http://www.adobe.com/support/security/bulletins/apsb09-19.html	CONFIRM	Patch Vendor Advisory
11	http://www.redhat.com/support/errata/RHSA-2009-1657.html	REDHAT	Patch
12	http://www.redhat.com/support/errata/RHSA-2009-1658.html	REDHAT	Patch
13	http://www.securityfocus.com/bid/37199	BID
14	http://www.us-cert.gov/cas/techalerts/TA09-343A.html	CERT	US Government Resource
15	http://www.vupen.com/english/advisories/2009/3456	VUPEN	Patch Vendor Advisory
16	http://www.vupen.com/english/advisories/2010/0173	VUPEN
17	https://bugzilla.redhat.com/show_bug.cgi?id=543857	CONFIRM	Patch
18	https://exchange.xforce.ibmcloud.com/vulnerabilities/54636	XF
19	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054	OVAL
20	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972	OVAL
21	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613	OVAL

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:adobe:adobe_air:1.0:::::::*
cpe:2.3:a:adobe:adobe_air:1.0.1:::::::*
cpe:2.3:a:adobe:adobe_air:1.1:::::::*
cpe:2.3:a:adobe:adobe_air:1.5.1:::::::*
cpe:2.3:a:adobe:adobe_air::::::::		1.5.2
cpe:2.3:a:adobe:flash_player:7.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.1:::::::*
cpe:2.3:a:adobe:flash_player:7.0.25:::::::*
cpe:2.3:a:adobe:flash_player:7.0.63:::::::*
cpe:2.3:a:adobe:flash_player:7.0.69.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.70.0:::::::*
cpe:2.3:a:adobe:flash_player:7.1:::::::*
cpe:2.3:a:adobe:flash_player:7.1.1:::::::*
cpe:2.3:a:adobe:flash_player:7.2:::::::*
cpe:2.3:a:adobe:flash_player:8::pro:::::
cpe:2.3:a:adobe:flash_player:8::professional:::::
cpe:2.3:a:adobe:flash_player:8.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0::basic:::::
cpe:2.3:a:adobe:flash_player:8.0::pro:::::
cpe:2.3:a:adobe:flash_player:8.0.24.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.34.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.35.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.39.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.16:::::::*
cpe:2.3:a:adobe:flash_player:9.0.18d60:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.45.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.47.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.112.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.114.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.115.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.124.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.155.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.159.0:::::::*
cpe:2.3:a:adobe:flash_player:9.125.0:::::::*
cpe:2.3:a:adobe:flash_player:10.0.0.584:::::::*
cpe:2.3:a:adobe:flash_player:10.0.12.10:::::::*
cpe:2.3:a:adobe:flash_player:10.0.12.36:::::::*
cpe:2.3:a:adobe:flash_player:10.0.22.87:::::::*
cpe:2.3:a:adobe:flash_player::::::::		10.0.32.18