CVE-2009-0520 Information

Description

Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing which allows remote attackers to execute arbitrary code via a crafted file related to a \buffer overflow issue.\

Reference

http://isc.sans.org/diary.html?storyid=5929 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://rhn.redhat.com/errata/RHSA-2009-0332.html http://rhn.redhat.com/errata/RHSA-2009-0334.html http://secunia.com/advisories/34012 http://secunia.com/advisories/34226 http://secunia.com/advisories/34293 http://secunia.com/advisories/35074 http://security.gentoo.org/glsa/glsa-200903-23.xml http://securitytracker.com/id?1021750 http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1 http://support.apple.com/kb/HT3549 http://www.adobe.com/support/security/bulletins/apsb09-01.html http://www.securityfocus.com/bid/33880 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/0513 http://www.vupen.com/english/advisories/2009/0743 http://www.vupen.com/english/advisories/2009/1297 https://bugzilla.redhat.com/show_bug.cgi?id=487142 https://exchange.xforce.ibmcloud.com/vulnerabilities/48887 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A16057 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6593