VYPR
Unrated severity · NVD Advisory · Published Dec 10, 2009 · Updated Apr 23, 2026

CVE-2009-3797

Description

Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Memory corruption in Adobe Flash Player 10.x before 10.0.42.34 and AIR before 1.5.3 allows remote code execution via a crafted SWF file.

Vulnerability

CVE-2009-3797 is a memory corruption vulnerability in Adobe Flash Player 10.x prior to version 10.0.42.34 and Adobe AIR prior to version 1.5.3 [4]. The flaw is triggered by unspecified vectors, likely a specially crafted SWF file, when a user views the file in a browser or AIR application [4]. Affected versions include Flash Player 10.0.32.18 and earlier, and AIR 1.5.2 and earlier [4].

Exploitation

An attacker needs only to host a malicious SWF file on a website and convince a user to visit that site [4]. No authentication or special network position is required beyond the ability to serve the file. The user must interact by loading the SWF in a browser or AIR runtime, which triggers the memory corruption [4].

Impact

Successful exploitation allows an attacker to execute arbitrary code on the victim's system with the privileges of the user running Flash Player or AIR [4]. This can lead to full compromise of the affected system, including data theft, installation of malware, or further network propagation.

Mitigation

Adobe released Flash Player 10.0.42.34 and AIR 1.5.3 as part of Security Bulletin APSB09-19 to fix this vulnerability [4]. Users should update to these versions immediately. Workarounds include disabling the Flash plugin or using the NoScript extension to whitelist trusted sites [4]. Red Hat provided an update via RHSA-2009:1657 [2][3], and Apple included the fix in Security Update 2010-001 [1].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Adobe Inc./Air: 5 versions
    • cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:* (range: <=1.5.2)
    • cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*
  • Adobe Flash Player: 5 versions
    • cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*
