[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110139

 
 

909

 
 

85964

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2009-0520Date: (C)2009-02-26   (M)2018-06-22


Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 9.3
Exploit Score: Exploit Score: 8.6
Impact Score: Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: COMPLETE
Scope: Integrity: COMPLETE
Confidentiality: Availability: COMPLETE
Integrity:  
Availability:  
  
Reference:
SECTRACK-1021750
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773
SUNALERT-254909
BID-33880
SECUNIA-34012
SECUNIA-34226
SECUNIA-34293
SECUNIA-35074
ADV-2009-0513
ADV-2009-0743
ADV-2009-1297
APPLE-SA-2009-05-12
GLSA-200903-23
IAVM:2009-A-0017
RHSA-2009:0332
RHSA-2009:0334
TA09-133A
flash-invalid-object-bo(48887)
http://isc.sans.org/diary.html?storyid=5929
http://support.apple.com/kb/HT3549
http://www.adobe.com/support/security/bulletins/apsb09-01.html
https://bugzilla.redhat.com/show_bug.cgi?id=487142

CPE    30
cpe:/a:adobe:flash_player:9.0.124.0
cpe:/a:adobe:flash_player:9.0.45.0
cpe:/a:adobe:flash_player:7.0.25
cpe:/a:adobe:flash_player:9.0.20
...
CWE    1
CWE-119
OVAL    6
oval:org.secpod.oval:def:18030
oval:org.secpod.oval:def:18031
oval:org.secpod.oval:def:18060
oval:org.secpod.oval:def:18061
...

© SecPod Technologies