Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability
Severity: CRITICAL
CVE Identifier: CVE-2009-0520
Advisory Date: JUL 21, 2015
DESCRIPTION
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1003331
Trend Micro Deep Security DPI Rule Name: 1003331 - Adobe Flash Player Invalid Object Reference Remote Code Execution
AFFECTED SOFTWARE AND VERSION
- Adobe Air 1.5
- Adobe Flash Player 10.0.0.584
- Adobe Flash Player 10.0.12.10
- Adobe Flash Player 10.0.12.36
- Adobe Flash Player 7.0
- Adobe Flash Player 7.0.1
- Adobe Flash Player 7.0.25
- Adobe Flash Player 7.0.63
- Adobe Flash Player 7.0.69.0
- Adobe Flash Player 7.0.70.0
- Adobe Flash Player 7.1
- Adobe Flash Player 7.1.1
- Adobe Flash Player 7.2
- Adobe Flash Player 8.0
- Adobe Flash Player 8.0.24.0
- Adobe Flash Player 8.0.34.0
- Adobe Flash Player 8.0.35.0
- Adobe Flash Player 8.0.39.0
- Adobe Flash Player 9.0.112.0
- Adobe Flash Player 9.0.114.0
- Adobe Flash Player 9.0.115.0
- Adobe Flash Player 9.0.124.0
- Adobe Flash Player 9.0.16
- Adobe Flash Player 9.0.20
- Adobe Flash Player 9.0.20.0
- Adobe Flash Player 9.0.28
- Adobe Flash Player 9.0.28.0
- Adobe Flash Player 9.0.31.0
- Adobe Flash Player 9.0.45.0
- Adobe Flash Player 9.0.47.0
- Adobe Flash Player 9.0.48.0
- Adobe Flash Player CS3
- Adobe Flash Player CS4
- Adobe Flash Player For Linux 10.0.15.3
- Adobe Flex 3.0