Vulnerability Description
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Air | 1.5 |
| Adobe | Flash Player | <= 10.0.12.36 |
| Adobe | Flash Player For Linux | <= 10.0.15.3 |
| Adobe | Flex | 3.0 |
Related Weaknesses (CWE)
References
- http://isc.sans.org/diary.html?storyid=5929 (Patch)
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://rhn.redhat.com/errata/RHSA-2009-0332.html
- http://rhn.redhat.com/errata/RHSA-2009-0334.html
- http://secunia.com/advisories/34012
- http://secunia.com/advisories/34226
- http://secunia.com/advisories/34293
- http://secunia.com/advisories/35074
- http://security.gentoo.org/glsa/glsa-200903-23.xml
- http://securitytracker.com/id?1021750
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1
- http://support.apple.com/kb/HT3549
- http://www.adobe.com/support/security/bulletins/apsb09-01.html (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/33880 (Patch)
FAQ
What is CVE-2009-0520?
CVE-2009-0520 is a vulnerability with a CVSS score of 9.3 (HIGH). Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to exe...
How severe is CVE-2009-0520?
CVE-2009-0520 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-0520?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Air, Adobe Flash Player, Adobe Flash Player For Linux, Adobe Flex.