CVE-2009-0520
Adobe Flash Player 9/10 - Invalid Object Reference Remote Code Execution
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."
Adobe Flash Player v9.x anteriores a v9.0.159.0 y 10.x before 10.0.22.87 no elimina apropiadamente referencias a objetos destruidos durante el procesado de un archivo Shockwave Flash, lo que permite a los atacantes remotos ejecutar arbitrariamente código a través de un fichero manipulado, en relación a un "asunto de desbordamiento de búfer".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-02-10 CVE Reserved
- 2009-02-24 First Exploit
- 2009-02-25 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (25)
| URL | Tag | Source |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773 | Third Party Advisory | |
| http://secunia.com/advisories/34012 | Third Party Advisory | |
| http://secunia.com/advisories/34226 | Third Party Advisory | |
| http://secunia.com/advisories/34293 | Third Party Advisory | |
| http://secunia.com/advisories/35074 | Third Party Advisory | |
| http://securitytracker.com/id?1021750 | Vdb Entry | |
| http://support.apple.com/kb/HT3549 | X_refsource_confirm |
|
| http://www.us-cert.gov/cas/techalerts/TA09-133A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2009/0743 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2009/1297 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48887 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057 | Signature | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/32811 | 2009-02-24 |
| URL | Date | SRC |
|---|---|---|
| http://isc.sans.org/diary.html?storyid=5929 | 2017-09-29 | |
| http://www.adobe.com/support/security/bulletins/apsb09-01.html | 2017-09-29 | |
| http://www.securityfocus.com/bid/33880 | 2017-09-29 | |
| http://www.vupen.com/english/advisories/2009/0513 | 2017-09-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Air Search vendor "Adobe" for product "Air" | 1.5 Search vendor "Adobe" for product "Air" and version "1.5" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 10.0.12.36 Search vendor "Adobe" for product "Flash Player" and version " <= 10.0.12.36" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0 Search vendor "Adobe" for product "Flash Player" and version "7.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.1 Search vendor "Adobe" for product "Flash Player" and version "7.0.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.25 Search vendor "Adobe" for product "Flash Player" and version "7.0.25" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.63 Search vendor "Adobe" for product "Flash Player" and version "7.0.63" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.63 Search vendor "Adobe" for product "Flash Player" and version "7.0.63" | linux |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.69.0 Search vendor "Adobe" for product "Flash Player" and version "7.0.69.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.0.70.0 Search vendor "Adobe" for product "Flash Player" and version "7.0.70.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.1 Search vendor "Adobe" for product "Flash Player" and version "7.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.1.1 Search vendor "Adobe" for product "Flash Player" and version "7.1.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 7.2 Search vendor "Adobe" for product "Flash Player" and version "7.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 8.0 Search vendor "Adobe" for product "Flash Player" and version "8.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 8.0 Search vendor "Adobe" for product "Flash Player" and version "8.0" | basic |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 8.0 Search vendor "Adobe" for product "Flash Player" and version "8.0" | pro |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 8.0.24.0 Search vendor "Adobe" for product "Flash Player" and version "8.0.24.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 8.0.34.0 Search vendor "Adobe" for product "Flash Player" and version "8.0.34.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 8.0.35.0 Search vendor "Adobe" for product "Flash Player" and version "8.0.35.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 8.0.39.0 Search vendor "Adobe" for product "Flash Player" and version "8.0.39.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.16 Search vendor "Adobe" for product "Flash Player" and version "9.0.16" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.20 Search vendor "Adobe" for product "Flash Player" and version "9.0.20" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.20.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.20.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.28 Search vendor "Adobe" for product "Flash Player" and version "9.0.28" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.28.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.28.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.31.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.31.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.45.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.45.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.47.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.47.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.48.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.48.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.112.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.112.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.114.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.114.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.115.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.115.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 9.0.124.0 Search vendor "Adobe" for product "Flash Player" and version "9.0.124.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 10.0.0.584 Search vendor "Adobe" for product "Flash Player" and version "10.0.0.584" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 10.0.12.10 Search vendor "Adobe" for product "Flash Player" and version "10.0.12.10" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | cs3 Search vendor "Adobe" for product "Flash Player" and version "cs3" | pro |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | cs4 Search vendor "Adobe" for product "Flash Player" and version "cs4" | pro |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flash Player For Linux Search vendor "Adobe" for product "Flash Player For Linux" | <= 10.0.15.3 Search vendor "Adobe" for product "Flash Player For Linux" and version " <= 10.0.15.3" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Flex Search vendor "Adobe" for product "Flex" | 3.0 Search vendor "Adobe" for product "Flex" and version "3.0" | - |
Affected
| ||||||