This application requires Javascript for optimal performance.

Adobe.Flash.Player.Invalid.Object.Reference.Code.Execution

Release Date

May 22, 2009

Severity

critical

Impact

System Compromise

Description

This indicates an attack attempt against a remote code-execution vulnerability in the Adobe Flash Player.

The vulnerability is caused by an error when the vulnerable software handles a specially crafted SWF file. It allows a remote attacker to execute arbitrary code.

Affected Products

Adobe Flash Player version 10.0.15.3 for Linux and prior
Adobe Flash Player version 10.0.12.36 and prior

Recommended Actions

Upgrade to Adobe Flash Player version 10.0.22.87 or 9.0.159.0:

http://www.adobe.com/go/getflash

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2009-0520

Reference/s

http://www.frsirt.com/english/advisories/2009/0513 (FrSIRT)
http://www.securityfocus.com/bid/33880 (BugTraq)

Reference: VID-17425