cvelistv5 - cve-2009-0520

CVE-2009-0520 (GCVE-0-2009-0520)

Vulnerability from cvelistv5

Published

2009-02-26 16:00

Modified

2024-08-07 04:40

Severity ?

CWE

Summary

Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."

References

URL

Tags

cve@mitre.org	http://isc.sans.org/diary.html?storyid=5929	Patch
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2009-0332.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2009-0334.html
cve@mitre.org	http://secunia.com/advisories/34012
cve@mitre.org	http://secunia.com/advisories/34226
cve@mitre.org	http://secunia.com/advisories/34293
cve@mitre.org	http://secunia.com/advisories/35074
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200903-23.xml
cve@mitre.org	http://securitytracker.com/id?1021750
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1
cve@mitre.org	http://support.apple.com/kb/HT3549
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb09-01.html	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/33880	Patch
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0513	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0743
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1297
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=487142
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/48887
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593
af854a3a-2127-422b-91ae-364da2661108	http://isc.sans.org/diary.html?storyid=5929	Patch
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2009-0332.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2009-0334.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34012
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34226
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34293
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35074
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200903-23.xml
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1021750
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3549
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-01.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33880	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0513	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0743
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1297
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=487142
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/48887
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:03.744Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.org/diary.html?storyid=5929"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3549"
          },
          {
            "name": "RHSA-2009:0332",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html"
          },
          {
            "name": "20090224 Adobe Flash Player Invalid Object Reference Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773"
          },
          {
            "name": "35074",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35074"
          },
          {
            "name": "34226",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34226"
          },
          {
            "name": "APPLE-SA-2009-05-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6593",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593"
          },
          {
            "name": "flash-invalid-object-bo(48887)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48887"
          },
          {
            "name": "ADV-2009-0743",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0743"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
          },
          {
            "name": "ADV-2009-0513",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0513"
          },
          {
            "name": "GLSA-200903-23",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
          },
          {
            "name": "TA09-133A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:16057",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057"
          },
          {
            "name": "ADV-2009-1297",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1297"
          },
          {
            "name": "33880",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33880"
          },
          {
            "name": "1021750",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021750"
          },
          {
            "name": "34293",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34293"
          },
          {
            "name": "254909",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1"
          },
          {
            "name": "RHSA-2009:0334",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
          },
          {
            "name": "34012",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34012"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-02-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.org/diary.html?storyid=5929"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3549"
        },
        {
          "name": "RHSA-2009:0332",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html"
        },
        {
          "name": "20090224 Adobe Flash Player Invalid Object Reference Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773"
        },
        {
          "name": "35074",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35074"
        },
        {
          "name": "34226",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34226"
        },
        {
          "name": "APPLE-SA-2009-05-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6593",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593"
        },
        {
          "name": "flash-invalid-object-bo(48887)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48887"
        },
        {
          "name": "ADV-2009-0743",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0743"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
        },
        {
          "name": "ADV-2009-0513",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0513"
        },
        {
          "name": "GLSA-200903-23",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
        },
        {
          "name": "TA09-133A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:16057",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057"
        },
        {
          "name": "ADV-2009-1297",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1297"
        },
        {
          "name": "33880",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33880"
        },
        {
          "name": "1021750",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021750"
        },
        {
          "name": "34293",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34293"
        },
        {
          "name": "254909",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1"
        },
        {
          "name": "RHSA-2009:0334",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
        },
        {
          "name": "34012",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34012"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0520",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://isc.sans.org/diary.html?storyid=5929",
              "refsource": "MISC",
              "url": "http://isc.sans.org/diary.html?storyid=5929"
            },
            {
              "name": "http://support.apple.com/kb/HT3549",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3549"
            },
            {
              "name": "RHSA-2009:0332",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html"
            },
            {
              "name": "20090224 Adobe Flash Player Invalid Object Reference Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773"
            },
            {
              "name": "35074",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35074"
            },
            {
              "name": "34226",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34226"
            },
            {
              "name": "APPLE-SA-2009-05-12",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6593",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593"
            },
            {
              "name": "flash-invalid-object-bo(48887)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48887"
            },
            {
              "name": "ADV-2009-0743",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0743"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-01.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
            },
            {
              "name": "ADV-2009-0513",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0513"
            },
            {
              "name": "GLSA-200903-23",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
            },
            {
              "name": "TA09-133A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:16057",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057"
            },
            {
              "name": "ADV-2009-1297",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1297"
            },
            {
              "name": "33880",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33880"
            },
            {
              "name": "1021750",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1021750"
            },
            {
              "name": "34293",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34293"
            },
            {
              "name": "254909",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1"
            },
            {
              "name": "RHSA-2009:0334",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=487142",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
            },
            {
              "name": "34012",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34012"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0520",
    "datePublished": "2009-02-26T16:00:00",
    "dateReserved": "2009-02-10T00:00:00",
    "dateUpdated": "2024-08-07T04:40:03.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0520\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-02-26T16:17:19.890\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \\\"buffer overflow issue.\\\"\"},{\"lang\":\"es\",\"value\":\"Adobe Flash Player v9.x anteriores a v9.0.159.0 y 10.x before 10.0.22.87 no elimina apropiadamente referencias a objetos destruidos durante el procesado de un archivo Shockwave Flash, lo que permite a los atacantes remotos ejecutar arbitrariamente c\u00f3digo a trav\u00e9s de un fichero manipulado, en relaci\u00f3n a un \\\"asunto de desbordamiento de b\u00fafer\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15DDE65E-ED35-42B6-A139-BB6F571B5967\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.0.12.36\",\"matchCriteriaId\":\"67971799-2A4E-4FD2-BF8B-5E0B82032E55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDFF4A51-C936-4C5B-8276-FD454C9E4F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5ECC9D7-3386-4FEA-9218-91E31FF90F3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0E93289-6EE0-401A-958D-F59D2CDAE2F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"C00E5438-DBD7-4A47-8E5F-0D3946EA3102\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A82D5B56-44E0-4120-B73E-0A1155AF4B05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E895107-ED8A-4F88-87C3-935EAE299C01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4007D621-A0BC-4927-82A7-10D73802BCF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"641776AE-5408-439E-8290-DD9324771874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"138A932A-D775-46A2-86EC-3C03C96884C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D12E3957-D7B2-4F3B-BB64-8B50B8958DEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*\",\"matchCriteriaId\":\"F648661E-BA18-41F9-A0A7-F9D5D7E2056B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*\",\"matchCriteriaId\":\"A88BDD68-3EDD-49F4-B656-EB03BF849664\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32912721-F750-4C20-B999-E728F7D3A85D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A95FA639-346C-491C-81A8-6C2A7B01AA19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC7DD938-F963-4E03-B66B-F00436E4EA9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"934A869D-D58D-4C36-B86E-013F62790585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACFA6611-99DA-48B0-89F7-DD99B8E30334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59AF804B-BD7A-4AD7-AD44-B5D980443B8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0557AA2A-FA3A-460A-8F03-DC74B149CA3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FC04ABF-6191-4AA5-90B2-E7A97E6C6005\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F22F1B02-CCF5-4770-A79B-1F58CA4321CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93957171-F1F4-43ED-A8B9-2D36C81EB1F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AE89894-E492-4380-8A2B-4CDD3A15667A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C6ED706-BAF2-4795-B597-6F7EE8CA8911\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"260E2CF6-4D15-4168-A933-3EC52D8F93FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D50BF190-2629-49A8-A377-4723C93FFB3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08E4028B-72E7-4E4A-AD0F-645F5AACAA29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63313ADA-3C52-47C8-9745-6BF6AEF0F6AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:cs3:*:pro:*:*:*:*:*\",\"matchCriteriaId\":\"A3618623-8C9F-47CA-BBF6-B0DA98CB41FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:cs4:*:pro:*:*:*:*:*\",\"matchCriteriaId\":\"9E1093EF-0A76-4757-9D8D-6808A5D95C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.0.15.3\",\"matchCriteriaId\":\"A72D07B5-1311-4653-8E84-7414E11A797C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54D250C7-E7DE-491C-9FE3-F9F77C971B24\"}]}]}],\"references\":[{\"url\":\"http://isc.sans.org/diary.html?storyid=5929\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2009-0332.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2009-0334.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34012\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34226\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34293\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35074\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200903-23.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1021750\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT3549\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-01.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/33880\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-133A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0513\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0743\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1297\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=487142\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48887\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://isc.sans.org/diary.html?storyid=5929\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2009-0332.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2009-0334.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34012\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34226\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34293\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200903-23.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1021750\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/33880\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-133A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0513\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0743\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1297\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=487142\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48887\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

rhsa-2009:0332

Vulnerability from csaf_redhat

Published

2009-02-25 23:56

Modified

2025-09-26 03:07

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

The flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in. Multiple input validation flaws were found in the way Flash Player displayed certain SWF (Shockwave Flash) content. An attacker could use these flaws to create a specially-crafted SWF file that could cause flash-plugin to crash, or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-0520, CVE-2009-0519) It was discovered that Adobe Flash Player had an insecure RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. A local user with write access to the directory pointed to by RPATH could use this flaw to execute arbitrary code with the privileges of the user running Adobe Flash Player. (CVE-2009-0521) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.0.22.87.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nIt was discovered that Adobe Flash Player had an insecure RPATH (runtime\nlibrary search path) set in the ELF (Executable and Linking Format) header.\nA local user with write access to the directory pointed to by RPATH could\nuse this flaw to execute arbitrary code with the privileges of the user\nrunning Adobe Flash Player. (CVE-2009-0521)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.22.87.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:0332",
        "url": "https://access.redhat.com/errata/RHSA-2009:0332"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-01.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/products/flashplayer/",
        "url": "http://www.adobe.com/products/flashplayer/"
      },
      {
        "category": "external",
        "summary": "487141",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
      },
      {
        "category": "external",
        "summary": "487142",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
      },
      {
        "category": "external",
        "summary": "487144",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487144"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0332.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-09-26T03:07:14+00:00",
      "generator": {
        "date": "2025-09-26T03:07:14+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.8"
        }
      },
      "id": "RHSA-2009:0332",
      "initial_release_date": "2009-02-25T23:56:00+00:00",
      "revision_history": [
        {
          "date": "2009-02-25T23:56:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-02-25T18:56:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-09-26T03:07:14+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:10.0.22.87-1.el5.i386",
                "product": {
                  "name": "flash-plugin-0:10.0.22.87-1.el5.i386",
                  "product_id": "flash-plugin-0:10.0.22.87-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@10.0.22.87-1.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.22.87-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.22.87-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.22.87-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.22.87-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-0519",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487141"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Input validation flaw (DoS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "RHBZ#487141",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0519",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Input validation flaw (DoS)"
    },
    {
      "cve": "CVE-2009-0520",
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487142"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file.",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "RHBZ#487142",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0520",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file."
    },
    {
      "cve": "CVE-2009-0521",
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487144"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Linux-specific information disclosure (privilege escalation)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0521"
        },
        {
          "category": "external",
          "summary": "RHBZ#487144",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487144"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0521",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0521"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0521",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0521"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "flash-plugin: Linux-specific information disclosure (privilege escalation)"
    }
  ]
}

rhsa-2009_0332

Vulnerability from csaf_redhat

Published

2009-02-25 23:56

Modified

2024-11-14 10:07

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nIt was discovered that Adobe Flash Player had an insecure RPATH (runtime\nlibrary search path) set in the ELF (Executable and Linking Format) header.\nA local user with write access to the directory pointed to by RPATH could\nuse this flaw to execute arbitrary code with the privileges of the user\nrunning Adobe Flash Player. (CVE-2009-0521)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.22.87.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:0332",
        "url": "https://access.redhat.com/errata/RHSA-2009:0332"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-01.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/products/flashplayer/",
        "url": "http://www.adobe.com/products/flashplayer/"
      },
      {
        "category": "external",
        "summary": "487141",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
      },
      {
        "category": "external",
        "summary": "487142",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
      },
      {
        "category": "external",
        "summary": "487144",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487144"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0332.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:07:18+00:00",
      "generator": {
        "date": "2024-11-14T10:07:18+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2009:0332",
      "initial_release_date": "2009-02-25T23:56:00+00:00",
      "revision_history": [
        {
          "date": "2009-02-25T23:56:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-02-25T18:56:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:07:18+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:10.0.22.87-1.el5.i386",
                "product": {
                  "name": "flash-plugin-0:10.0.22.87-1.el5.i386",
                  "product_id": "flash-plugin-0:10.0.22.87-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@10.0.22.87-1.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.22.87-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.22.87-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.22.87-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.22.87-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-0519",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487141"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Input validation flaw (DoS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "RHBZ#487141",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0519",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Input validation flaw (DoS)"
    },
    {
      "cve": "CVE-2009-0520",
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487142"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file.",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "RHBZ#487142",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0520",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file."
    },
    {
      "cve": "CVE-2009-0521",
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487144"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Linux-specific information disclosure (privilege escalation)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0521"
        },
        {
          "category": "external",
          "summary": "RHBZ#487144",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487144"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0521",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0521"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0521",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0521"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "flash-plugin: Linux-specific information disclosure (privilege escalation)"
    }
  ]
}

RHSA-2009:0332

Vulnerability from csaf_redhat

Published

2009-02-25 23:56

Modified

2025-09-26 03:07

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nIt was discovered that Adobe Flash Player had an insecure RPATH (runtime\nlibrary search path) set in the ELF (Executable and Linking Format) header.\nA local user with write access to the directory pointed to by RPATH could\nuse this flaw to execute arbitrary code with the privileges of the user\nrunning Adobe Flash Player. (CVE-2009-0521)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.22.87.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:0332",
        "url": "https://access.redhat.com/errata/RHSA-2009:0332"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-01.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/products/flashplayer/",
        "url": "http://www.adobe.com/products/flashplayer/"
      },
      {
        "category": "external",
        "summary": "487141",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
      },
      {
        "category": "external",
        "summary": "487142",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
      },
      {
        "category": "external",
        "summary": "487144",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487144"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0332.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-09-26T03:07:14+00:00",
      "generator": {
        "date": "2025-09-26T03:07:14+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.8"
        }
      },
      "id": "RHSA-2009:0332",
      "initial_release_date": "2009-02-25T23:56:00+00:00",
      "revision_history": [
        {
          "date": "2009-02-25T23:56:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-02-25T18:56:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-09-26T03:07:14+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:10.0.22.87-1.el5.i386",
                "product": {
                  "name": "flash-plugin-0:10.0.22.87-1.el5.i386",
                  "product_id": "flash-plugin-0:10.0.22.87-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@10.0.22.87-1.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.22.87-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.22.87-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.22.87-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.22.87-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-0519",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487141"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Input validation flaw (DoS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "RHBZ#487141",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0519",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Input validation flaw (DoS)"
    },
    {
      "cve": "CVE-2009-0520",
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487142"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file.",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "RHBZ#487142",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0520",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file."
    },
    {
      "cve": "CVE-2009-0521",
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487144"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Linux-specific information disclosure (privilege escalation)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0521"
        },
        {
          "category": "external",
          "summary": "RHBZ#487144",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487144"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0521",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0521"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0521",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0521"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:56:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0332"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.22.87-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "flash-plugin: Linux-specific information disclosure (privilege escalation)"
    }
  ]
}

rhsa-2009_0334

Vulnerability from csaf_redhat

Published

2009-02-25 23:57

Modified

2024-11-14 10:07

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 3 and 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 3 and 4 Extras.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.159.0.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:0334",
        "url": "https://access.redhat.com/errata/RHSA-2009:0334"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-01.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/products/flashplayer/",
        "url": "http://www.adobe.com/products/flashplayer/"
      },
      {
        "category": "external",
        "summary": "487141",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
      },
      {
        "category": "external",
        "summary": "487142",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0334.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:07:24+00:00",
      "generator": {
        "date": "2024-11-14T10:07:24+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2009:0334",
      "initial_release_date": "2009-02-25T23:57:00+00:00",
      "revision_history": [
        {
          "date": "2009-02-25T23:57:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-02-25T18:57:39+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:07:24+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.159.0-1.el4.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.159.0-1.el4.i386",
                  "product_id": "flash-plugin-0:9.0.159.0-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.159.0-1.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
                  "product_id": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.159.0-1.el3.with.oss?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-0519",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487141"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Input validation flaw (DoS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "RHBZ#487141",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0519",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:57:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0334"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Input validation flaw (DoS)"
    },
    {
      "cve": "CVE-2009-0520",
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487142"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file.",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "RHBZ#487142",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0520",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:57:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0334"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file."
    }
  ]
}

rhsa-2009:0334

Vulnerability from csaf_redhat

Published

2009-02-25 23:57

Modified

2025-09-26 03:07

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 3 and 4 Extras.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.159.0.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:0334",
        "url": "https://access.redhat.com/errata/RHSA-2009:0334"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-01.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/products/flashplayer/",
        "url": "http://www.adobe.com/products/flashplayer/"
      },
      {
        "category": "external",
        "summary": "487141",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
      },
      {
        "category": "external",
        "summary": "487142",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0334.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-09-26T03:07:14+00:00",
      "generator": {
        "date": "2025-09-26T03:07:14+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.8"
        }
      },
      "id": "RHSA-2009:0334",
      "initial_release_date": "2009-02-25T23:57:00+00:00",
      "revision_history": [
        {
          "date": "2009-02-25T23:57:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-02-25T18:57:39+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-09-26T03:07:14+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.159.0-1.el4.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.159.0-1.el4.i386",
                  "product_id": "flash-plugin-0:9.0.159.0-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.159.0-1.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
                  "product_id": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.159.0-1.el3.with.oss?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-0519",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487141"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Input validation flaw (DoS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "RHBZ#487141",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0519",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:57:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0334"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Input validation flaw (DoS)"
    },
    {
      "cve": "CVE-2009-0520",
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487142"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file.",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "RHBZ#487142",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0520",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:57:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0334"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file."
    }
  ]
}

RHSA-2009:0334

Vulnerability from csaf_redhat

Published

2009-02-25 23:57

Modified

2025-09-26 03:07

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 3 and 4 Extras.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.159.0.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:0334",
        "url": "https://access.redhat.com/errata/RHSA-2009:0334"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-01.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/products/flashplayer/",
        "url": "http://www.adobe.com/products/flashplayer/"
      },
      {
        "category": "external",
        "summary": "487141",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
      },
      {
        "category": "external",
        "summary": "487142",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0334.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-09-26T03:07:14+00:00",
      "generator": {
        "date": "2025-09-26T03:07:14+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.8"
        }
      },
      "id": "RHSA-2009:0334",
      "initial_release_date": "2009-02-25T23:57:00+00:00",
      "revision_history": [
        {
          "date": "2009-02-25T23:57:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-02-25T18:57:39+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-09-26T03:07:14+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.159.0-1.el4.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.159.0-1.el4.i386",
                  "product_id": "flash-plugin-0:9.0.159.0-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.159.0-1.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
                  "product_id": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.159.0-1.el3.with.oss?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.159.0-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.159.0-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-0519",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487141"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Input validation flaw (DoS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "RHBZ#487141",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487141"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0519",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0519"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:57:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0334"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Input validation flaw (DoS)"
    },
    {
      "cve": "CVE-2009-0520",
      "discovery_date": "2009-02-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "487142"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file.",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "RHBZ#487142",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0520",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520"
        }
      ],
      "release_date": "2009-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-02-25T23:57:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0334"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.159.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.159.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.159.0-1.el4.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file."
    }
  ]
}

ghsa-8fmr-hfvg-xqm4

Vulnerability from github

Published

2022-05-02 03:16

Modified

2022-05-02 03:16

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0520"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-02-26T16:17:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"",
  "id": "GHSA-8fmr-hfvg-xqm4",
  "modified": "2022-05-02T03:16:15Z",
  "published": "2022-05-02T03:16:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0520"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48887"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593"
    },
    {
      "type": "WEB",
      "url": "http://isc.sans.org/diary.html?storyid=5929"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34012"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34226"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34293"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35074"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1021750"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3549"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/33880"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0513"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0743"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1297"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-076

Vulnerability from certfr_avis

Plusieurs vulnérabilités affectent le lecteur multimédia Adobe Flash Player. Certaines d'entre elles permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités affectent le lecteur multimédia Adobe Flash Player :

la première concerne le module Settings Manager. L'exploitation de cette vulnérabilité sous forme de détournement de clic (clickjacking) permet à un utilisateur malveillant d'exécuter du code arbitraire sur le système vulnérable ;
un défaut de validation des données entrées permet à un utilisateur malveillant de provoquer un arrêt inopiné du lecteur ;
un problème permet de provoquer un débordement de tampon. Son exploitation pour exécuter du code arbitraire à distance serait possible ;
sur les plateformes Linux, un défaut permet à un utilisateur malveillant de lire des données et d'élever ses privilèges ;
sur les plateformes Windows, la gestion défectueuse du pointeur de souris permet à un utilisateur malveillant de réaliser du clickjacking. Cette exploitation permet à un utilisateur malveillant d'exécuter du code arbitraire sur le système vulnérable.

Solution

La version 10.0.22.87 remédie à ces vulnérabilités.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Adobe	N/A	Adobe Flash Player, version 10.0.12.36 et versions précédentes ;
	Adobe	N/A	Adobe Flash Player, version 10.0.15.3 pour Linux et versions précédentes.

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB09-01 du 24 février 2009	None	vendor-advisory
Bulletin de sécurité Red Hat RHSA-2009:0334 du 25 février 2009 :	-	other
Bulletin d'actualité du CERTA du 10 octobre 2008, section 3 :	-	other
Bulletin de sécurité Red Hat RHSA-2009:0332 du 25 février 2009 :	-	other
Bulletin de sécurité SuSE SuSE-SA:2009:011 du 26 février 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player, version 10.0.12.36 et versions pr\u00e9c\u00e9dentes ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player, version 10.0.15.3 pour Linux et versions pr\u00e9c\u00e9dentes.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent le lecteur multim\u00e9dia Adobe Flash\nPlayer\u00a0:\n\n-   la premi\u00e8re concerne le module Settings Manager. L\u0027exploitation de\n    cette vuln\u00e9rabilit\u00e9 sous forme de d\u00e9tournement de clic\n    (clickjacking) permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du\n    code arbitraire sur le syst\u00e8me vuln\u00e9rable\u00a0;\n-   un d\u00e9faut de validation des donn\u00e9es entr\u00e9es permet \u00e0 un utilisateur\n    malveillant de provoquer un arr\u00eat inopin\u00e9 du lecteur\u00a0;\n-   un probl\u00e8me permet de provoquer un d\u00e9bordement de tampon. Son\n    exploitation pour ex\u00e9cuter du code arbitraire \u00e0 distance serait\n    possible\u00a0;\n-   sur les plateformes Linux, un d\u00e9faut permet \u00e0 un utilisateur\n    malveillant de lire des donn\u00e9es et d\u0027\u00e9lever ses privil\u00e8ges\u00a0;\n-   sur les plateformes Windows, la gestion d\u00e9fectueuse du pointeur de\n    souris permet \u00e0 un utilisateur malveillant de r\u00e9aliser du\n    clickjacking. Cette exploitation permet \u00e0 un utilisateur malveillant\n    d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nLa version 10.0.22.87 rem\u00e9die \u00e0 ces vuln\u00e9rabilit\u00e9s.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0521"
    },
    {
      "name": "CVE-2009-0114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0114"
    },
    {
      "name": "CVE-2009-0522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0522"
    },
    {
      "name": "CVE-2009-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
    },
    {
      "name": "CVE-2009-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
    }
  ],
  "initial_release_date": "2009-02-25T00:00:00",
  "last_revision_date": "2009-03-06T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2009:0334 du 25 f\u00e9vrier    2009 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0334.html"
    },
    {
      "title": "Bulletin d\u0027actualit\u00e9 du CERTA du 10 octobre 2008, section 3    :",
      "url": "http://www.certa.ssi.gouv.fr//site/CERTA-2008-ACT-041/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2009:0332 du 25 f\u00e9vrier    2009 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0332.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SuSE-SA:2009:011 du 26 f\u00e9vrier    2009 :",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00004.html"
    }
  ],
  "reference": "CERTA-2009-AVI-076",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-02-25T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Red Hat et SuSE.",
      "revision_date": "2009-03-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent le lecteur multim\u00e9dia Adobe Flash\nPlayer. Certaines d\u0027entre elles permettent \u00e0 un utilisateur malveillant\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s d\u0027Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB09-01 du 24 f\u00e9vrier 2009",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
    }
  ]
}

CERTA-2009-AVI-186

Vulnerability from certfr_avis

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X. L'exploitation de certaines d'entre elles peut conduire à l'exécution de code arbitraire à distance sur le système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X. Elles touchent divers composants et services installés comme CFNetworks (manipulation des échanges HTTP), CoreGraphics (manipulation de fichiers PDF), Help Viewer (manipulation de l'URI help:), QuickDraw Manager (manipulation d'images PICT), Safari (manipulation de l'URI feed:), OpenSSL, PHP, WebKit, X11, etc.

L'exploitation de certaines de ces vulnérabilités peut conduire à l'exécution de code arbitraire à distance sur le système vulnérable.

Solution

Se référer au bulletin de sécurité 2009-002 de Apple pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Mac OS X Server version 10.4.11 ainsi que celles antérieures.
Apple	N/A	Mac OS X Server version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.4.11 ainsi que celles antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité 2009-002 Apple du 12 mai 2009	None	vendor-advisory
Détails concernant la mise à jour de sécurité 2009-002 du 12 mai 2009 :	-	other
Bulletin de sécurité Apple 61798 du 12 mai 2009 :	-	other
Détails concernant la mise à jour de sécurité 2009-002 du 12 mai 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server version 10.4.11 ainsi que celles ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server version 10.5.6 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.5.6 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.4.11 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. Elles touchent divers composants et\nservices install\u00e9s comme CFNetworks (manipulation des \u00e9changes HTTP),\nCoreGraphics (manipulation de fichiers PDF), Help Viewer (manipulation\nde l\u0027URI help:), QuickDraw Manager (manipulation d\u0027images PICT), Safari\n(manipulation de l\u0027URI feed:), OpenSSL, PHP, WebKit, X11, etc.\n\nL\u0027exploitation de certaines de ces vuln\u00e9rabilit\u00e9s peut conduire \u00e0\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 2009-002 de Apple pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0160"
    },
    {
      "name": "CVE-2009-0147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0147"
    },
    {
      "name": "CVE-2008-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3652"
    },
    {
      "name": "CVE-2009-0846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0846"
    },
    {
      "name": "CVE-2008-5557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
    },
    {
      "name": "CVE-2009-0847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0847"
    },
    {
      "name": "CVE-2009-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0155"
    },
    {
      "name": "CVE-2008-3657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3657"
    },
    {
      "name": "CVE-2009-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0153"
    },
    {
      "name": "CVE-2008-1517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1517"
    },
    {
      "name": "CVE-2008-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2008-0456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0456"
    },
    {
      "name": "CVE-2009-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0943"
    },
    {
      "name": "CVE-2009-0157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0157"
    },
    {
      "name": "CVE-2008-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3651"
    },
    {
      "name": "CVE-2009-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0010"
    },
    {
      "name": "CVE-2009-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0040"
    },
    {
      "name": "CVE-2008-1382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1382"
    },
    {
      "name": "CVE-2004-1185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1185"
    },
    {
      "name": "CVE-2009-0148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0148"
    },
    {
      "name": "CVE-2008-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
    },
    {
      "name": "CVE-2008-3658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3658"
    },
    {
      "name": "CVE-2008-3443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3443"
    },
    {
      "name": "CVE-2008-3659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3659"
    },
    {
      "name": "CVE-2009-0025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0025"
    },
    {
      "name": "CVE-2008-3863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3863"
    },
    {
      "name": "CVE-2008-2383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2383"
    },
    {
      "name": "CVE-2008-3530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3530"
    },
    {
      "name": "CVE-2009-0149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0149"
    },
    {
      "name": "CVE-2009-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0154"
    },
    {
      "name": "CVE-2008-3790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3790"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2008-2829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2829"
    },
    {
      "name": "CVE-2009-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0165"
    },
    {
      "name": "CVE-2009-0144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0144"
    },
    {
      "name": "CVE-2009-0162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0162"
    },
    {
      "name": "CVE-2008-3655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3655"
    },
    {
      "name": "CVE-2004-1186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1186"
    },
    {
      "name": "CVE-2008-2665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2665"
    },
    {
      "name": "CVE-2009-0114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0114"
    },
    {
      "name": "CVE-2008-2666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2666"
    },
    {
      "name": "CVE-2009-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0021"
    },
    {
      "name": "CVE-2009-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
    },
    {
      "name": "CVE-2009-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0145"
    },
    {
      "name": "CVE-2008-3656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3656"
    },
    {
      "name": "CVE-2009-0146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0146"
    },
    {
      "name": "CVE-2009-0844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0844"
    },
    {
      "name": "CVE-2009-0942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0942"
    },
    {
      "name": "CVE-2009-0152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0152"
    },
    {
      "name": "CVE-2009-0156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0156"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2009-0150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0150"
    },
    {
      "name": "CVE-2008-4309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
    },
    {
      "name": "CVE-2007-2754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2754"
    },
    {
      "name": "CVE-2009-0845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0845"
    },
    {
      "name": "CVE-2009-0944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0944"
    },
    {
      "name": "CVE-2009-0164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0164"
    },
    {
      "name": "CVE-2009-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
    },
    {
      "name": "CVE-2008-2939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
    },
    {
      "name": "CVE-2009-0161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0161"
    },
    {
      "name": "CVE-2008-0158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0158"
    },
    {
      "name": "CVE-2004-1184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1184"
    },
    {
      "name": "CVE-2008-5077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5077"
    },
    {
      "name": "CVE-2006-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0747"
    },
    {
      "name": "CVE-2009-0945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0945"
    }
  ],
  "initial_release_date": "2009-05-13T00:00:00",
  "last_revision_date": "2009-05-13T00:00:00",
  "links": [
    {
      "title": "D\u00e9tails concernant la mise \u00e0 jour de s\u00e9curit\u00e9 2009-002 du    12 mai 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3397"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 61798 du 12 mai 2009 :",
      "url": "http://docs.info.apple.com/article.html?artnum=61798"
    },
    {
      "title": "D\u00e9tails concernant la mise \u00e0 jour de s\u00e9curit\u00e9 2009-002 du    12 mai 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3549"
    }
  ],
  "reference": "CERTA-2009-AVI-186",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. L\u0027exploitation de certaines d\u0027entre elles\npeut conduire \u00e0 l\u0027ex\u00e9cution de code arbitraire \u00e0 distance sur le syst\u00e8me\nvuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 2009-002 Apple du 12 mai 2009",
      "url": null
    }
  ]
}

fkie_cve-2009-0520

Vulnerability from fkie_nvd

Published

2009-02-26 16:17

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://isc.sans.org/diary.html?storyid=5929	Patch
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2009-0332.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2009-0334.html
cve@mitre.org	http://secunia.com/advisories/34012
cve@mitre.org	http://secunia.com/advisories/34226
cve@mitre.org	http://secunia.com/advisories/34293
cve@mitre.org	http://secunia.com/advisories/35074
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200903-23.xml
cve@mitre.org	http://securitytracker.com/id?1021750
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1
cve@mitre.org	http://support.apple.com/kb/HT3549
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb09-01.html	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/33880	Patch
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0513	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0743
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1297
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=487142
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/48887
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593
af854a3a-2127-422b-91ae-364da2661108	http://isc.sans.org/diary.html?storyid=5929	Patch
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2009-0332.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2009-0334.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34012
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34226
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34293
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35074
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200903-23.xml
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1021750
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3549
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-01.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33880	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0513	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0743
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1297
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=487142
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/48887
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593

Impacted products

Vendor	Product	Version
adobe	air	1.5
adobe	flash_player	*
adobe	flash_player	7.0
adobe	flash_player	7.0.1
adobe	flash_player	7.0.25
adobe	flash_player	7.0.63
adobe	flash_player	7.0.63
adobe	flash_player	7.0.69.0
adobe	flash_player	7.0.70.0
adobe	flash_player	7.1
adobe	flash_player	7.1.1
adobe	flash_player	7.2
adobe	flash_player	8.0
adobe	flash_player	8.0
adobe	flash_player	8.0
adobe	flash_player	8.0.24.0
adobe	flash_player	8.0.34.0
adobe	flash_player	8.0.35.0
adobe	flash_player	8.0.39.0
adobe	flash_player	9.0.16
adobe	flash_player	9.0.20
adobe	flash_player	9.0.20.0
adobe	flash_player	9.0.28
adobe	flash_player	9.0.28.0
adobe	flash_player	9.0.31.0
adobe	flash_player	9.0.45.0
adobe	flash_player	9.0.47.0
adobe	flash_player	9.0.48.0
adobe	flash_player	9.0.112.0
adobe	flash_player	9.0.114.0
adobe	flash_player	9.0.115.0
adobe	flash_player	9.0.124.0
adobe	flash_player	10.0.0.584
adobe	flash_player	10.0.12.10
adobe	flash_player	cs3
adobe	flash_player	cs4
adobe	flash_player_for_linux	*
adobe	flex	3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "15DDE65E-ED35-42B6-A139-BB6F571B5967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "67971799-2A4E-4FD2-BF8B-5E0B82032E55",
              "versionEndIncluding": "10.0.12.36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*",
              "matchCriteriaId": "C00E5438-DBD7-4A47-8E5F-0D3946EA3102",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*",
              "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*",
              "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E4028B-72E7-4E4A-AD0F-645F5AACAA29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:cs3:*:pro:*:*:*:*:*",
              "matchCriteriaId": "A3618623-8C9F-47CA-BBF6-B0DA98CB41FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:cs4:*:pro:*:*:*:*:*",
              "matchCriteriaId": "9E1093EF-0A76-4757-9D8D-6808A5D95C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A72D07B5-1311-4653-8E84-7414E11A797C",
              "versionEndIncluding": "10.0.15.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D250C7-E7DE-491C-9FE3-F9F77C971B24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\""
    },
    {
      "lang": "es",
      "value": "Adobe Flash Player v9.x anteriores a v9.0.159.0 y 10.x before 10.0.22.87 no elimina apropiadamente referencias a objetos destruidos durante el procesado de un archivo Shockwave Flash, lo que permite a los atacantes remotos ejecutar arbitrariamente c\u00f3digo a trav\u00e9s de un fichero manipulado, en relaci\u00f3n a un \"asunto de desbordamiento de b\u00fafer\"."
    }
  ],
  "id": "CVE-2009-0520",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-02-26T16:17:19.890",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://isc.sans.org/diary.html?storyid=5929"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34012"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34226"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34293"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35074"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1021750"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3549"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/33880"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0513"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/0743"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/1297"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48887"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://isc.sans.org/diary.html?storyid=5929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1021750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/33880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0513"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48887"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2009-0520

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-0520

Aliases

CVE-2009-0520

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0520",
    "description": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"",
    "id": "GSD-2009-0520",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-0520.html",
      "https://access.redhat.com/errata/RHSA-2009:0334",
      "https://access.redhat.com/errata/RHSA-2009:0332"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0520"
      ],
      "details": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"",
      "id": "GSD-2009-0520",
      "modified": "2023-12-13T01:19:44.898117Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-0520",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://isc.sans.org/diary.html?storyid=5929",
            "refsource": "MISC",
            "url": "http://isc.sans.org/diary.html?storyid=5929"
          },
          {
            "name": "http://support.apple.com/kb/HT3549",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3549"
          },
          {
            "name": "RHSA-2009:0332",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html"
          },
          {
            "name": "20090224 Adobe Flash Player Invalid Object Reference Vulnerability",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773"
          },
          {
            "name": "35074",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35074"
          },
          {
            "name": "34226",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34226"
          },
          {
            "name": "APPLE-SA-2009-05-12",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6593",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593"
          },
          {
            "name": "flash-invalid-object-bo(48887)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48887"
          },
          {
            "name": "ADV-2009-0743",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/0743"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb09-01.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
          },
          {
            "name": "ADV-2009-0513",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/0513"
          },
          {
            "name": "GLSA-200903-23",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
          },
          {
            "name": "TA09-133A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:16057",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057"
          },
          {
            "name": "ADV-2009-1297",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1297"
          },
          {
            "name": "33880",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/33880"
          },
          {
            "name": "1021750",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1021750"
          },
          {
            "name": "34293",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34293"
          },
          {
            "name": "254909",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1"
          },
          {
            "name": "RHSA-2009:0334",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=487142",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
          },
          {
            "name": "34012",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34012"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.0.15.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:cs3:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:cs4:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.0.12.36",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0520"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20090224 Adobe Flash Player Invalid Object Reference Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773"
            },
            {
              "name": "RHSA-2009:0334",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html"
            },
            {
              "name": "http://isc.sans.org/diary.html?storyid=5929",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "http://isc.sans.org/diary.html?storyid=5929"
            },
            {
              "name": "ADV-2009-0513",
              "refsource": "VUPEN",
              "tags": [
                "Patch"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0513"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=487142",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
            },
            {
              "name": "RHSA-2009:0332",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-01.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
            },
            {
              "name": "33880",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/33880"
            },
            {
              "name": "34012",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34012"
            },
            {
              "name": "1021750",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1021750"
            },
            {
              "name": "34226",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34226"
            },
            {
              "name": "GLSA-200903-23",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
            },
            {
              "name": "254909",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1"
            },
            {
              "name": "ADV-2009-0743",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/0743"
            },
            {
              "name": "34293",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34293"
            },
            {
              "name": "APPLE-SA-2009-05-12",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
            },
            {
              "name": "ADV-2009-1297",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1297"
            },
            {
              "name": "http://support.apple.com/kb/HT3549",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3549"
            },
            {
              "name": "35074",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35074"
            },
            {
              "name": "TA09-133A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
            },
            {
              "name": "flash-invalid-object-bo(48887)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48887"
            },
            {
              "name": "oval:org.mitre.oval:def:6593",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593"
            },
            {
              "name": "oval:org.mitre.oval:def:16057",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-29T01:33Z",
      "publishedDate": "2009-02-26T16:17Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-0520 (GCVE-0-2009-0520)

Vulnerability from cvelistv5

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from github

Vulnerability from certfr_avis

Description

Solution

Vulnerability from certfr_avis

Description

Solution

Vulnerability from fkie_nvd

Vulnerability from gsd

Tags

Sightings

Nomenclature