Description
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Javier Vicente Vallejo · text · remote · unix
https://www.exploit-db.com/exploits/32811
References (23)
Core References
Patch x_refsource_misc
http://isc.sans.org/diary.html?storyid=5929
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3549
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2009-0332.html
Third Party Advisory third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35074
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34226
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48887
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0743
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb09-01.html
Patch vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0513
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200903-23.xml
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1297
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33880
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1021750
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34293
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2009-0334.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=487142
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34012
Scores
EPSS
0.2217
EPSS Percentile
95.8%
Details
CWE
CWE-119
Status
published
Products (35)
adobe/air
1.5
adobe/flash_player
7.0
adobe/flash_player
7.0.1
adobe/flash_player
7.0.25
adobe/flash_player
7.0.63 (2 CPE variants)
adobe/flash_player
7.0.69.0
adobe/flash_player
7.0.70.0
adobe/flash_player
7.1
adobe/flash_player
7.1.1
adobe/flash_player
7.2
... and 25 more
Published
Feb 26, 2009
Tracked Since
Feb 18, 2026