CVE-2009-0520

Currently unrated

Key Information:

Vendor: Adobe
Status: Flash Player; Flash Player For Linux; Air; Flex
Vendor: CVE Published:; 26 February 2009

Summary

Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."

References

http://isc.sans.org/diary.html?storyid=5929

x_refsource_MISC

http://support.apple.com/kb/HT3549

x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2009-0332.html

vendor-advisoryx_refsource_REDHAT

EPSS Score

66% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 26, 2009
Vulnerability Reserved
Feb 10, 2009