CVE-2009-0520
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
AI Score
Confidence
High
0.41 Medium
EPSS
Percentile
97.3%
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a βbuffer overflow issue.β
Affected configurations
References
isc.sans.org/diary.html?storyid=5929
labs.idefense.com/intelligence/vulnerabilities/display.php?id=773
lists.apple.com/archives/security-announce/2009/May/msg00002.html
rhn.redhat.com/errata/RHSA-2009-0332.html
rhn.redhat.com/errata/RHSA-2009-0334.html
secunia.com/advisories/34012
secunia.com/advisories/34226
secunia.com/advisories/34293
secunia.com/advisories/35074
security.gentoo.org/glsa/glsa-200903-23.xml
securitytracker.com/id?1021750
sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1
support.apple.com/kb/HT3549
www.adobe.com/support/security/bulletins/apsb09-01.html
www.securityfocus.com/bid/33880
www.us-cert.gov/cas/techalerts/TA09-133A.html
www.vupen.com/english/advisories/2009/0513
www.vupen.com/english/advisories/2009/0743
www.vupen.com/english/advisories/2009/1297
bugzilla.redhat.com/show_bug.cgi?id=487142
exchange.xforce.ibmcloud.com/vulnerabilities/48887
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
AI Score
Confidence
High
0.41 Medium
EPSS
Percentile
97.3%