Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability
Publish Date: 21 juillet 2015
Gravité: : Critique
Identifiant(s) CVE: : CVE-2009-0520
Date du conseil: 21 juillet 2015
Description
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1003331
Trend Micro Deep Security DPI Rule Name: 1003331 - Adobe Flash Player Invalid Object Reference Remote Code Execution
Affected software and version:
- Adobe Air 1.5
- Adobe Flash Player 10.0.0.584
- Adobe Flash Player 10.0.12.10
- Adobe Flash Player 10.0.12.36
- Adobe Flash Player 7.0
- Adobe Flash Player 7.0.1
- Adobe Flash Player 7.0.25
- Adobe Flash Player 7.0.63
- Adobe Flash Player 7.0.69.0
- Adobe Flash Player 7.0.70.0
- Adobe Flash Player 7.1
- Adobe Flash Player 7.1.1
- Adobe Flash Player 7.2
- Adobe Flash Player 8.0
- Adobe Flash Player 8.0.24.0
- Adobe Flash Player 8.0.34.0
- Adobe Flash Player 8.0.35.0
- Adobe Flash Player 8.0.39.0
- Adobe Flash Player 9.0.112.0
- Adobe Flash Player 9.0.114.0
- Adobe Flash Player 9.0.115.0
- Adobe Flash Player 9.0.124.0
- Adobe Flash Player 9.0.16
- Adobe Flash Player 9.0.20
- Adobe Flash Player 9.0.20.0
- Adobe Flash Player 9.0.28
- Adobe Flash Player 9.0.28.0
- Adobe Flash Player 9.0.31.0
- Adobe Flash Player 9.0.45.0
- Adobe Flash Player 9.0.47.0
- Adobe Flash Player 9.0.48.0
- Adobe Flash Player CS3
- Adobe Flash Player CS4
- Adobe Flash Player For Linux 10.0.15.3
- Adobe Flex 3.0