Oval Definition:oval:org.mitre.oval:def:7191
Revision Date:2015-08-03Version:47
Title:Adobe Flash Player and AIR 'exception_count' Integer Overflow Vulnerability
Description:Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2009-3799
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Adobe AIR
Adobe Flash Player
Definition Synopsis
  • Vulnerable version of Adobe AIR
  • Adobe AIR is installed
  • AND Adobe AIR version is less than 1.5.3
  • OR Vulnerable version of Adobe Flash Player
  • Adobe Flash Player is installed
  • AND Adobe Flash Player version installed on the system is less than or equal 10.0.42.34
  • OR Flash.ocx section
  • ActiveX Control is installed
  • AND Determine if the version of Flash.ocx is less than or equal 10.0.42.34
  • BACK