CVE-2009-0519

high
Description

Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.

References

http://isc.sans.org/diary.html?storyid=5929

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://rhn.redhat.com/errata/RHSA-2009-0332.html

http://rhn.redhat.com/errata/RHSA-2009-0334.html

http://secunia.com/advisories/34012

http://secunia.com/advisories/34226

http://secunia.com/advisories/34293

http://secunia.com/advisories/35074

http://security.gentoo.org/glsa/glsa-200903-23.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1

http://support.apple.com/kb/HT3549

http://www.adobe.com/support/security/bulletins/apsb09-01.html

http://www.securityfocus.com/bid/33890

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2009/0513

http://www.vupen.com/english/advisories/2009/0743

http://www.vupen.com/english/advisories/2009/1297

https://bugzilla.redhat.com/show_bug.cgi?id=487141

https://exchange.xforce.ibmcloud.com/vulnerabilities/48900

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15837

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6470

Details

Source: MITRE

Published: 2009-02-26

Updated: 2017-09-29

Type: CWE-20

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* versions up to 10.0.12.36 (inclusive)

cpe:2.3:a:adobe:flash_player:cs3:*:pro:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:cs4:*:pro:*:*:*:*:*

cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:* versions up to 10.0.15.3 (inclusive)

cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 63873 | RHEL 3 / 4 : flash-plugin (RHSA-2009:0334) | Nessus | Red Hat Local Security Checks | high |
| 63872 | RHEL 5 : flash-plugin (RHSA-2009:0332) | Nessus | Red Hat Local Security Checks | high |
| 51730 | SuSE 10 Security Update : flash-player (ZYPP Patch Number 6020) | Nessus | SuSE Local Security Checks | high |
| 41391 | SuSE 11 Security Update : flash-player (SAT Patch Number 612) | Nessus | SuSE Local Security Checks | high |
| 40216 | openSUSE Security Update : flash-player (flash-player-560) | Nessus | SuSE Local Security Checks | high |
| 39962 | openSUSE Security Update : flash-player (flash-player-560) | Nessus | SuSE Local Security Checks | high |
| 38744 | Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 38743 | Mac OS X Multiple Vulnerabilities (Security Update 2009-002) | Nessus | MacOS X Local Security Checks | critical |
| 35904 | GLSA-200903-23 : Adobe Flash Player: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 35747 | openSUSE 10 Security Update : flash-player (flash-player-6022) | Nessus | SuSE Local Security Checks | high |
| 35742 | Flash Player 9.0.159.0 / 10.0.22.87 Multiple Vulnerabilities (APSB09-01) | Nessus | Windows | high |
| 4937 | Flash Player APSB09-01 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 5023 | Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 800792 | Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |