Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0520

CWE-119 — Buffer Overflow8 documents7 sources

Severity

9.3CRITICAL

EPSS

12.5%

top 6.07%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Adobe Flash Player Adobe Flash Player FOR Linux Adobe AIR +1 more

Timeline

PublishedFeb 26

Latest updateMay 2

Description

Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDadobe/flash_player10.0.12.36+31

▶NVDadobe/air1.5

▶NVDadobe/flex3.0

Patches

Patch: isc.sans.org ↗Patch: www.adobe.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-8fmr-hfvg-xqm4: Adobe Flash Player 9↗2022-05-02

▶

CVEList

CVE-2009-0520: Adobe Flash Player 9↗2009-02-26

▶

💥Exploits & PoCs

Exploit-DB

Adobe Flash Player 9/10 - Invalid Object Reference Remote Code Execution↗2009-02-24

▶

📋Vendor Advisories

Red Hat

flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file.↗2009-02-24

▶

🕵️Threat Intelligence

Talos

Rule release for today - April 21st 2009↗2009-04-21

▶

Talos

Rule release for today - April 21st 2009↗2009-04-21

▶

💬Community

Bugzilla

CVE-2009-0520 flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file.↗2009-02-24

▶