// For flags

CVE-2009-0520

Adobe Flash Player 9/10 - Invalid Object Reference Remote Code Execution

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."

Adobe Flash Player v9.x anteriores a v9.0.159.0 y 10.x before 10.0.22.87 no elimina apropiadamente referencias a objetos destruidos durante el procesado de un archivo Shockwave Flash, lo que permite a los atacantes remotos ejecutar arbitrariamente código a través de un fichero manipulado, en relación a un "asunto de desbordamiento de búfer".

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-02-10 CVE Reserved
  • 2009-02-24 First Exploit
  • 2009-02-25 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-10-12 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (25)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Adobe
Search vendor "Adobe"
Air
Search vendor "Adobe" for product "Air"
1.5
Search vendor "Adobe" for product "Air" and version "1.5"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
<= 10.0.12.36
Search vendor "Adobe" for product "Flash Player" and version " <= 10.0.12.36"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
7.0
Search vendor "Adobe" for product "Flash Player" and version "7.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
7.0.1
Search vendor "Adobe" for product "Flash Player" and version "7.0.1"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
7.0.25
Search vendor "Adobe" for product "Flash Player" and version "7.0.25"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
7.0.63
Search vendor "Adobe" for product "Flash Player" and version "7.0.63"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
7.0.63
Search vendor "Adobe" for product "Flash Player" and version "7.0.63"
linux
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
7.0.69.0
Search vendor "Adobe" for product "Flash Player" and version "7.0.69.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
7.0.70.0
Search vendor "Adobe" for product "Flash Player" and version "7.0.70.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
7.1
Search vendor "Adobe" for product "Flash Player" and version "7.1"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
7.1.1
Search vendor "Adobe" for product "Flash Player" and version "7.1.1"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
7.2
Search vendor "Adobe" for product "Flash Player" and version "7.2"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
8.0
Search vendor "Adobe" for product "Flash Player" and version "8.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
8.0
Search vendor "Adobe" for product "Flash Player" and version "8.0"
basic
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
8.0
Search vendor "Adobe" for product "Flash Player" and version "8.0"
pro
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
8.0.24.0
Search vendor "Adobe" for product "Flash Player" and version "8.0.24.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
8.0.34.0
Search vendor "Adobe" for product "Flash Player" and version "8.0.34.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
8.0.35.0
Search vendor "Adobe" for product "Flash Player" and version "8.0.35.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
8.0.39.0
Search vendor "Adobe" for product "Flash Player" and version "8.0.39.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
9.0.16
Search vendor "Adobe" for product "Flash Player" and version "9.0.16"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
9.0.20
Search vendor "Adobe" for product "Flash Player" and version "9.0.20"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
9.0.20.0
Search vendor "Adobe" for product "Flash Player" and version "9.0.20.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
9.0.28
Search vendor "Adobe" for product "Flash Player" and version "9.0.28"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
9.0.28.0
Search vendor "Adobe" for product "Flash Player" and version "9.0.28.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
9.0.31.0
Search vendor "Adobe" for product "Flash Player" and version "9.0.31.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
9.0.45.0
Search vendor "Adobe" for product "Flash Player" and version "9.0.45.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
9.0.47.0
Search vendor "Adobe" for product "Flash Player" and version "9.0.47.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
9.0.48.0
Search vendor "Adobe" for product "Flash Player" and version "9.0.48.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
9.0.112.0
Search vendor "Adobe" for product "Flash Player" and version "9.0.112.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
9.0.114.0
Search vendor "Adobe" for product "Flash Player" and version "9.0.114.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
9.0.115.0
Search vendor "Adobe" for product "Flash Player" and version "9.0.115.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
9.0.124.0
Search vendor "Adobe" for product "Flash Player" and version "9.0.124.0"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
10.0.0.584
Search vendor "Adobe" for product "Flash Player" and version "10.0.0.584"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
10.0.12.10
Search vendor "Adobe" for product "Flash Player" and version "10.0.12.10"
-
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
cs3
Search vendor "Adobe" for product "Flash Player" and version "cs3"
pro
Affected
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
cs4
Search vendor "Adobe" for product "Flash Player" and version "cs4"
pro
Affected
Adobe
Search vendor "Adobe"
Flash Player For Linux
Search vendor "Adobe" for product "Flash Player For Linux"
<= 10.0.15.3
Search vendor "Adobe" for product "Flash Player For Linux" and version " <= 10.0.15.3"
-
Affected
Adobe
Search vendor "Adobe"
Flex
Search vendor "Adobe" for product "Flex"
3.0
Search vendor "Adobe" for product "Flex" and version "3.0"
-
Affected