CVE-2009-0521 — Sensitive Information Exposure in Adobe Flash Player FOR Linux

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

4.6MEDIUMNVD

EPSS

0.2%

top 51.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player FOR Linux

Timeline

PublishedFeb 26

Latest updateMay 2

Description

Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDadobe/flash_player10.0.15.3+1

Patches

Patch: www.adobe.com ↗Patch: www.vupen.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-h35j-98vm-989g: Untrusted search path vulnerability in Adobe Flash Player 9↗2022-05-02

▶

CVEList

CVE-2009-0521: Untrusted search path vulnerability in Adobe Flash Player 9↗2009-02-26

▶

📋Vendor Advisories

Red Hat

flash-plugin: Linux-specific information disclosure (privilege escalation)↗2009-02-24

▶

💬Community

Bugzilla

CVE-2009-0521 flash-plugin: Linux-specific information disclosure (privilege escalation)↗2009-02-24

▶