CVE-2009-0520

Adobe Flash Player <9.0.159.0 & <10.0.22.87 - RCE


Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0520. PoCs published by Javier Vicente Vallejo.

AI-analyzed exploit summary: The provided text is a vulnerability description for CVE-2009-0520, affecting Adobe Flash Player versions prior to 10.0.12.36. It outlines a remote code execution vulnerability but does not include actual exploit code or technical details.

Description

Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."

Exploits (1)

exploitdb WRITEUP VERIFIED
by Javier Vicente Vallejo · text · remote · unix
https://www.exploit-db.com/exploits/32811

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Adobe Flash Player < 10.0.12.36
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a malicious SWF file
devstral-2 · analyzed Feb 16, 2026

References (23)

Core References
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3549
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2009-0332.html
Third Party Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35074
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34226
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48887
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0743
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb09-01.html
Patch vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0513
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200903-23.xml
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1297
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33880
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1021750
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34293
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2009-0334.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=487142
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34012

Scores

EPSS 0.2848
EPSS Percentile 97.9%

Details

CWE: CWE-119
Status: published
Products (35)
adobe/air 1.5
adobe/flash_player 7.0
adobe/flash_player 7.0.1
adobe/flash_player 7.0.25
adobe/flash_player 7.0.63 (2 CPE variants)
adobe/flash_player 7.0.69.0
adobe/flash_player 7.0.70.0
adobe/flash_player 7.1
adobe/flash_player 7.1.1
adobe/flash_player 7.2
... and 25 more
Published Feb 26, 2009
Tracked Since Feb 18, 2026