CVE-2009-3800
Description
Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and AIR before 1.5.3 could cause denial of service or arbitrary code execution.
Vulnerability
Multiple unspecified vulnerabilities exist in Adobe Flash Player versions before 10.0.42.34 and Adobe AIR versions before 1.5.3. The exact nature of the flaws is not disclosed, but they can be triggered via unknown vectors. Affected versions include all releases prior to the specified fixed versions [1][4].
Exploitation
Successful exploitation may require an attacker to entice a user to open a specially crafted file or visit a malicious website. The specific attack vectors are not detailed in the available references, but given the remote code execution potential, network-based delivery is likely [1][4].
Impact
An attacker could cause a denial of service (application crash) or possibly execute arbitrary code on the target system. The impact ranges from service disruption to full system compromise, depending on the exploited vulnerability and the privileges of the user [1][4].
Mitigation
Adobe released Flash Player 10.0.42.34 and AIR 1.5.3 to address these issues. Red Hat issued RHSA-2009-1657 and RHSA-2009-1658 for affected packages [2][3]. Apple included fixes in Security Update 2010-001 [1]. Users should update to the latest versions as soon as possible.
- About Security Update 2010-001 - Apple Support
- Support
- Support
- 543857 – (APSB09-19, CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800) flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
46cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*range: <=1.5.2
- cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 40 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=10.0.32.18
- cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
21- securitytracker.com/idnvdPatch
- securitytracker.com/idnvdPatch
- www.adobe.com/support/security/bulletins/apsb09-19.htmlnvdPatchVendor Advisory
- www.redhat.com/support/errata/RHSA-2009-1657.htmlnvdPatch
- www.redhat.com/support/errata/RHSA-2009-1658.htmlnvdPatch
- www.vupen.com/english/advisories/2009/3456nvdPatchVendor Advisory
- bugzilla.redhat.com/show_bug.cginvdPatch
- secunia.com/advisories/37584nvdVendor Advisory
- www.us-cert.gov/cas/techalerts/TA09-343A.htmlnvdUS Government Resource
- lists.apple.com/archives/security-announce/2010/Jan/msg00000.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.htmlnvd
- secunia.com/advisories/37902nvd
- secunia.com/advisories/38241nvd
- sunsolve.sun.com/search/document.donvd
- support.apple.com/kb/HT4004nvd
- www.securityfocus.com/bid/37199nvd
- www.vupen.com/english/advisories/2010/0173nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/54636nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613nvd
News mentions
0No linked articles in our index yet.