Summary
This host is installed with Adobe Products and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause remote code execution, compromise system privileges or may cause exposure of sensitive information.
Impact Level: System/Application
Solution
Upgrade to version Adobe Flash Player 9.0.159.0 or 10.0.22.87 http://get.adobe.com/flashplayer
Update to version 1.5.1 for Adobe AIR
http://get.adobe.com/air
Insight
- Error while processing multiple references to an unspecified object which can be exploited by tricking the user to access a malicious crafted SWF file.
- Input validation error in the processing of SWF file.
- Error while displaying the mouse pointer on Windows which may cause 'Clickjacking' attacks.
- Error in the Linux Flash Player binaries which can cause disclosure of sensitive information.
Affected
Adobe AIR version prior to 1.5.1
Adobe Flash Player 9 version prior to 9.0.159.0
Adobe Flash Player 10 version prior to 10.0.22.87
References
Severity
Classification
-
CVE CVE-2009-0114, CVE-2009-0519, CVE-2009-0520, CVE-2009-0521, CVE-2009-0522 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Reader/Acrobat Multiple BOF Vulnerabilities - Jun09 (Win)
- Alleycode HTML Editor Buffer Overflow Vulnerabilities
- Cscope putstring Multiple Buffer Overflow vulnerability
- Adobe Flash Player Multiple Vulnerabilities - Mar09 (Linux)
- CA Internet Security Suite Plus 'KmxSbx.sys' Buffer Overflow Vulnerability