Lucene search

K
cve[email protected]CVE-2009-0520
HistoryFeb 26, 2009 - 4:17 p.m.

CVE-2009-0520

2009-02-2616:17:19
CWE-119
web.nvd.nist.gov
55
adobe
flash player
remote code execution
cve-2009-0520
buffer overflow
nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

High

EPSS

0.41

Percentile

97.3%

Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a “buffer overflow issue.”

Affected configurations

NVD
Node
adobeairMatch1.5
OR
adobeflash_playerRange10.0.12.36
OR
adobeflash_playerMatch7.0
OR
adobeflash_playerMatch7.0.1
OR
adobeflash_playerMatch7.0.25
OR
adobeflash_playerMatch7.0.63
OR
adobeflash_playerMatch7.0.63linux
OR
adobeflash_playerMatch7.0.69.0
OR
adobeflash_playerMatch7.0.70.0
OR
adobeflash_playerMatch7.1
OR
adobeflash_playerMatch7.1.1
OR
adobeflash_playerMatch7.2
OR
adobeflash_playerMatch8.0
OR
adobeflash_playerMatch8.0basic
OR
adobeflash_playerMatch8.0pro
OR
adobeflash_playerMatch8.0.24.0
OR
adobeflash_playerMatch8.0.34.0
OR
adobeflash_playerMatch8.0.35.0
OR
adobeflash_playerMatch8.0.39.0
OR
adobeflash_playerMatch9.0.16
OR
adobeflash_playerMatch9.0.20
OR
adobeflash_playerMatch9.0.20.0
OR
adobeflash_playerMatch9.0.28
OR
adobeflash_playerMatch9.0.28.0
OR
adobeflash_playerMatch9.0.31.0
OR
adobeflash_playerMatch9.0.45.0
OR
adobeflash_playerMatch9.0.47.0
OR
adobeflash_playerMatch9.0.48.0
OR
adobeflash_playerMatch9.0.112.0
OR
adobeflash_playerMatch9.0.114.0
OR
adobeflash_playerMatch9.0.115.0
OR
adobeflash_playerMatch9.0.124.0
OR
adobeflash_playerMatch10.0.0.584
OR
adobeflash_playerMatch10.0.12.10
OR
adobeflash_playerMatchcs3pro
OR
adobeflash_playerMatchcs4pro
OR
adobeflash_player_for_linuxRange10.0.15.3
OR
adobeflexMatch3.0

References

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

High

EPSS

0.41

Percentile

97.3%