| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.5 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been found in Adobe Flash. The affected element is an unknown function. Performing a manipulation results in input validation. This vulnerability was named CVE-2009-0519. There is no available exploit. It is recommended to upgrade the affected component.
Details
A vulnerability classified as problematic has been found in Adobe Flash (Multimedia Player Software) (version now known). This affects some unknown processing. The manipulation with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. This is going to have an impact on availability. The summary by CVE is:
Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.
The bug was discovered 02/24/2009. The weakness was presented 02/25/2009 by Roee Hay with mehrere (Website). The advisory is shared at adobe.com. This vulnerability is uniquely identified as CVE-2009-0519 since 02/10/2009. An attack has to be approached locally. No form of authentication is needed for exploitation. Neither technical details nor an exploit are publicly available.
It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 63873 (RHEL 3 / 4 : flash-plugin (RHSA-2009:0334)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Red Hat Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 116244 (Adobe Flash Player Update Available to Address Security Vulnerabilities (APSB09-01)).
Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (48900), Tenable (63873), SecurityFocus (BID 33890†), OSVDB (52748†) and Secunia (SA34012†). See VDB-46819, VDB-46818, VDB-46817 and VDB-46814 for similar entries. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.adobe.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.0VulDB Meta Temp Score: 3.5
VulDB Base Score: 4.0
VulDB Temp Score: 3.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 63873
Nessus Name: RHEL 3 / 4 : flash-plugin (RHSA-2009:0334)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 800360
OpenVAS Name: Adobe Flash Player Multiple Vulnerabilities - Mar09 (Linux)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Timeline
02/10/2009 🔍02/24/2009 🔍
02/24/2009 🔍
02/24/2009 🔍
02/25/2009 🔍
02/25/2009 🔍
02/25/2009 🔍
02/25/2009 🔍
02/26/2009 🔍
03/01/2009 🔍
03/04/2009 🔍
01/24/2013 🔍
08/28/2019 🔍
Sources
Vendor: adobe.comAdvisory: adobe.com
Researcher: Roee Hay
Organization: mehrere
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2009-0519 (🔍)
GCVE (CVE): GCVE-0-2009-0519
GCVE (VulDB): GCVE-100-3933
OVAL: 🔍
X-Force: 48900 - Adobe Flash Player unspecified SWF file denial of service, Medium Risk
SecurityFocus: 33890 - Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
Secunia: 34012 - Adobe Flash Player Multiple Vulnerabilities, Highly Critical
OSVDB: 52748 - Adobe Flash Player Crafted SWF File Handling Arbitrary Code Execution
Vulnerability Center: 21079 - [APSB09-01] Adobe Flash Player 9 - 9.0.158 and 10 - 10.0.22.86 Unspecified Remote Vulnerability, Medium
Vupen: ADV-2009-0513
See also: 🔍
Entry
Created: 03/04/2009 10:15Updated: 08/28/2019 16:25
Changes: 03/04/2009 10:15 (96), 08/28/2019 16:25 (2)
Complete: 🔍
Cache ID: 216:5FE:103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.