CVE-2009-0520

Related Files

Gentoo Linux Security Advisory 200903-23

Posted Mar 11, 2009

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200903-23 - Multiple vulnerabilities have been identified, the worst of which allow arbitrary code execution on a user's system via a malicious Flash file. Versions less than 10.0.22.87 are affected.

tags | advisory, arbitrary, vulnerability, code execution

systems | linux, gentoo

advisories | CVE-2008-3873, CVE-2008-4401, CVE-2008-4503, CVE-2008-4546, CVE-2008-4818, CVE-2008-4819, CVE-2008-4821, CVE-2008-4822, CVE-2008-4823, CVE-2008-4824, CVE-2008-5361, CVE-2008-5362, CVE-2008-5363, CVE-2008-5499, CVE-2009-0114, CVE-2009-0519, CVE-2009-0520, CVE-2009-0521

SHA-256 | 19b962267c966238dca5f54011babbe8ecee17976d2de766b2b27557b751410f

Download | Favorite | View

iDEFENSE Security Advisory 2009-02-24.1

Posted Feb 25, 2009

Authored by iDefense Labs, Javier Vicente Vallejo | Site idefense.com

iDefense Security Advisory 02.24.09 - Remote exploitation of a invalid object reference vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. During the processing of a Shockwave Flash file, a particular object can be created, along with multiple references that point to the object. The object can be destroyed and its associated references removed. However a reference can incorrectly remain pointing to the object. The invalid object resides in uninitialized memory, which the attacker may control to gain arbitrary execution control. iDefense has confirmed the existence of this vulnerability in latest version of Flash Player, version 9.0.124.0. Previous versions may also be affected.

tags | advisory, remote, arbitrary

advisories | CVE-2009-0520

SHA-256 | 780e892128d7d79681ecb9f2b0c8adb3af7430a9be41d1863f245d1dd740cf75

Download | Favorite | View