Buffer Overflow Vulnerability in Adobe Flash Player
CVE-2009-0520

Currently unrated

Key Information:

Vendor: Adobe
Status: Flash Player; Flash Player For Linux; Air; Flex
Vendor: CVE Published:; 26 February 2009

Summary

Adobe Flash Player versions 9.x prior to 9.0.159.0 and 10.x prior to 10.0.22.87 contain a vulnerability that fails to correctly remove references to destroyed objects during the processing of Shockwave Flash files. This flaw permits remote attackers to craft malicious files that, when opened, may lead to arbitrary code execution on the affected systems, posing a significant risk to user data and system integrity.

References

http://isc.sans.org/diary.html?storyid=5929

x_refsource_MISC

http://support.apple.com/kb/HT3549

x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2009-0332.html

vendor-advisoryx_refsource_REDHAT

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 26, 2009
Vulnerability Reserved
Feb 10, 2009