Summary
This host is installed with Adobe Products and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause remote code execution, compromise system privileges or may cause exposure of sensitive information.
Impact Level: System/Application
Solution
Update to version 1.5.1 for Adobe Air.
http://get.adobe.com/air
Update to Adobe Flash Player 9.0.159.0 or 10.0.22.87 and Adobe CS3/CS4, Flex 3
http://get.adobe.com/flashplayer
http://www.adobe.com/support/flashplayer/downloads.html#fp9
Insight
- Error while processing multiple references to an unspecified object which can be exploited by tricking the user to accessing a malicious crafted SWF file.
- Input validation error in the processing of SWF file.
- Error while displaying the mouse pointer on Windows which may cause 'Clickjacking' attacks.
Affected
Adobe Flex version 3.x or 2.x
Adobe AIR version prior to 1.5.1
Adobe Flash CS3/CS4 Professional
Adobe Flash Player 9 version prior to 9.0.159.0
Adobe Flash Player 10 version prior to 10.0.22.87
References
Severity
Classification
-
CVE CVE-2009-0114, CVE-2009-0519, CVE-2009-0520, CVE-2009-0522 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- BaoFeng Storm '.smpl' File Buffer Overflow Vulnerability
- Cscope Multiple Buffer Overflow vulnerability
- Adobe InDesign 'INDD' File Handling Remote Buffer Overflow Vulnerability
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Windows)
- CA ARCserve Backup Multiple Bufffer Overflow Vulnerabilities