Executive Summary

Information
Name : CVE-2009-0519
Vendor : Cve
First vendor Publication : 2009-02-26
Last vendor Modification : 2013-11-02

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score : 9.3
Cvss Impact Score : 10
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Security Protection

Impacts : Provides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0519

CWE : Common Weakness Enumeration

id : CWE-20
Name : Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6470
 
Oval ID: oval:org.mitre.oval:def:6470
Title: Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
Description: Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0519
Version: 8
Platform(s): Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows 7
Product(s): Adobe Flash Player
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:15837
 
Oval ID: oval:org.mitre.oval:def:15837
Title: Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
Description: Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.
Family: macos Class: vulnerability
Reference(s): CVE-2009-0519
Version: 3
Platform(s): Apple Mac OS X
Product(s): Adobe Flash Player
Definition Synopsis:

CPE : Common Platform Enumeration

Type : Application, Count : 1
Type : Application, Count : 35
Type : Application, Count : 1
Type : Application, Count : 1

OpenVAS Exploits

Date : 2010-05-12
Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002
File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl

Date : 2009-11-17
Name : Mac OS X Version
File : nvt/macosx_version.nasl

Date : 2009-08-17
Name : SuSE Security Advisory SUSE-SA:2009:041 (flash-player)
File : nvt/suse_sa_2009_041.nasl

Date : 2009-03-13
Name : Gentoo Security Advisory GLSA 200903-23 (netscape-flash)
File : nvt/glsa_200903_23.nasl

Date : 2009-03-10
Name : Adobe Flash Player Multiple Vulnerabilities - Mar09 (Linux)
File : nvt/gb_adobe_flash_player_mult_vuln_mar09_lin.nasl

Date : 2009-03-10
Name : Adobe Flash Player Multiple Vulnerabilities - Mar09 (Win)
File : nvt/gb_adobe_flash_player_mult_vuln_mar09_win.nasl

Date : 2009-03-02
Name : SuSE Security Advisory SUSE-SA:2009:011 (flash-player)
File : nvt/suse_sa_2009_011.nasl

Date : 2009-03-02
Name : RedHat Security Advisory RHSA-2009:0332
File : nvt/RHSA_2009_0332.nasl

Date : 2009-03-02
Name : RedHat Security Advisory RHSA-2009:0334
File : nvt/RHSA_2009_0334.nasl

Open Source Vulnerability Database (OSVDB)

id : 52748
Description : Adobe Flash Player Crafted SWF File Handling Arbitrary Code Execution

Nessus® Vulnerability Scanner

Date : 2013-01-24
Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-0332.nasl - Type : ACT_GATHER_INFO

Date : 2013-01-24
Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-0334.nasl - Type : ACT_GATHER_INFO

Date : 2012-01-04
Name : The remote server is affected by a signature validation bypass vulnerability.
File : openssl_0_9_8j.nasl - Type : ACT_GATHER_INFO

Date : 2011-01-27
Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_flash-player-6020.nasl - Type : ACT_GATHER_INFO

Date : 2009-09-24
Name : The remote SuSE 11 host is missing a security update.
File : suse_11_flash-player-090316.nasl - Type : ACT_GATHER_INFO

Date : 2009-07-21
Name : The remote openSUSE host is missing a security update.
File : suse_11_1_flash-player-090225.nasl - Type : ACT_GATHER_INFO

Date : 2009-07-21
Name : The remote openSUSE host is missing a security update.
File : suse_11_0_flash-player-090226.nasl - Type : ACT_GATHER_INFO

Date : 2009-05-13
Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO

Date : 2009-05-13
Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO

Date : 2009-03-11
Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200903-23.nasl - Type : ACT_GATHER_INFO

Date : 2009-02-27
Name : The remote openSUSE host is missing a security update.
File : suse_flash-player-6022.nasl - Type : ACT_GATHER_INFO

Date : 2009-02-26
Name : The remote Windows host contains a browser plugin that is affected by multipl...
File : flash_player_apsb09_01.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

APPLE : http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
BID : http://www.securityfocus.com/bid/33890
CERT : http://www.us-cert.gov/cas/techalerts/TA09-133A.html
CONFIRM : http://support.apple.com/kb/HT3549
CONFIRM : http://www.adobe.com/support/security/bulletins/apsb09-01.html
CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=487141
GENTOO : http://security.gentoo.org/glsa/glsa-200903-23.xml
MISC : http://isc.sans.org/diary.html?storyid=5929
REDHAT : http://rhn.redhat.com/errata/RHSA-2009-0332.html
REDHAT : http://rhn.redhat.com/errata/RHSA-2009-0334.html
SECUNIA : http://secunia.com/advisories/34012
SECUNIA : http://secunia.com/advisories/34226
SECUNIA : http://secunia.com/advisories/34293
SECUNIA : http://secunia.com/advisories/35074
SUNALERT : http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1
VUPEN : http://www.vupen.com/english/advisories/2009/0513
VUPEN : http://www.vupen.com/english/advisories/2009/0743
VUPEN : http://www.vupen.com/english/advisories/2009/1297
XF : http://xforce.iss.net/xforce/xfdb/48900

Alert History

2014-02-17 10:48:46 : Multiple Updates
2013-11-04 21:20:39 : Multiple Updates
2013-05-10 23:43:54 : Multiple Updates