No account yet?
Home » Exploits » Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability
Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability E-mail
Feeds - Exploits
Written by Javier Vicente Vallejo   
Monday, 30 March 2009 22:06
Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability


-\\Bugtraq ID:
33880

-\\Class:
Failure to Handle Exceptional Conditions

-\\CVE:
CVE-2009-0520


-\\Remote:
Yes

-\\Local:
No

-\\Published:
Feb 24 2009 12:00AM

-\\Updated:
Mar 30 2009 04:16PM

-\\Credit:
Javier Vicente Vallejo



-\\Vulnerable:
Sun Solaris  10.0_x86
Sun Solaris  10.0
Sun OpenSolaris  build snv_99
Sun OpenSolaris  build snv_96
Sun OpenSolaris  build snv_95
Sun OpenSolaris  build snv_94
Sun OpenSolaris  build snv_93
Sun OpenSolaris  build snv_92
Sun OpenSolaris  build snv_91
Sun OpenSolaris  build snv_90
Sun OpenSolaris  build snv_89
Sun OpenSolaris  build snv_88
Sun OpenSolaris  build snv_87
Sun OpenSolaris  build snv_86
Sun OpenSolaris  build snv_85
Sun OpenSolaris  build snv_84
Sun OpenSolaris  build snv_83
Sun OpenSolaris  build snv_82
Sun OpenSolaris  build snv_81
Sun OpenSolaris  build snv_80
Sun OpenSolaris  build snv_78
Sun OpenSolaris  build snv_77
Sun OpenSolaris  build snv_76
Sun OpenSolaris  build snv_68
Sun OpenSolaris  build snv_67
Sun OpenSolaris  build snv_64
Sun OpenSolaris  build snv_61
Sun OpenSolaris  build snv_59
Sun OpenSolaris  build snv_57
Sun OpenSolaris  build snv_50
Sun OpenSolaris  build snv_47
Sun OpenSolaris  build snv_45
Sun OpenSolaris  build snv_39
Sun OpenSolaris  build snv_36
Sun OpenSolaris  build snv_29
Sun OpenSolaris  build snv_22
Sun OpenSolaris  build snv_19
Sun OpenSolaris  build snv_13
Sun OpenSolaris  build snv_110
Sun OpenSolaris  build snv_109
Sun OpenSolaris  build snv_108
Sun OpenSolaris  build snv_107
Sun OpenSolaris  build snv_106
Sun OpenSolaris  build snv_105
Sun OpenSolaris  build snv_104
Sun OpenSolaris  build snv_104
Sun OpenSolaris  build snv_103
Sun OpenSolaris  build snv_102
Sun OpenSolaris  build snv_101a
Sun OpenSolaris  build snv_101
Sun OpenSolaris  build snv_100
Sun OpenSolaris  build snv_02
Sun OpenSolaris  build snv_01
S.u.S.E. SUSE Linux Enterprise Desktop  10 SP2
S.u.S.E. openSUSE  11.1
S.u.S.E. openSUSE  11.0
S.u.S.E. openSUSE  10.3
S.u.S.E. Novell Linux Desktop  9
RedHat Enterprise Linux WS Extras  4
RedHat Enterprise Linux WS Extras  3
RedHat Enterprise Linux Supplementary  5 server
RedHat Enterprise Linux Extras   4
RedHat Enterprise Linux Extras   3
RedHat Enterprise Linux ES Extras  4
RedHat Enterprise Linux ES Extras  3
RedHat Enterprise Linux Desktop Supplementary  5 client
RedHat Enterprise Linux AS Extras  4
RedHat Enterprise Linux AS Extras  3
RedHat Desktop Extras  4
RedHat Desktop Extras  3
Pardus Linux 2008  0
Gentoo Linux  
Avaya Interactive Response  4.0
Avaya Interactive Response  3.0
Avaya Interactive Response  2.0
Adobe Flex  3.0
Adobe Flash Player Plugin 9.0.31 .0
Adobe Flash Player Plugin 9.0.28 .0
Adobe Flash Player Plugin 9.0.20 .0
Adobe Flash Player Plugin 9.0.16
Adobe Flash Player Plugin 8.0
Adobe Flash Player Plugin 7.0.63
Adobe Flash Player Plugin 7.0.25
Adobe Flash Player Plugin  9.0.45.0
Adobe Flash Player Plugin  9.0.18d60
Adobe Flash Player Plugin  9.0.124.0
Adobe Flash Player Plugin  9.0.124.0
Adobe Flash Player Plugin  9.0.112.0
Adobe Flash Player Plugin  10.0.12.10
Adobe Flash Player 10.0.15 .3
Adobe Flash Player 10.0.12 .36
Adobe Flash Player 10.0.12 .35
Adobe Flash Player 9.0.152 .0
Adobe Flash Player 9.0.151 .0
Adobe Flash Player 9.0.124 .0
Adobe Flash Player  9.0.48.0
Adobe Flash Player  9.0.47.0
Adobe Flash Player  9.0.45.0
Adobe Flash Player  9.0.31.0
Adobe Flash Player  9.0.28.0
Adobe Flash Player  9.0.115.0
Adobe Flash Player  9
Adobe Flash Player  8.0.35.0
Adobe Flash Player  8.0.34.0
Adobe Flash Player  7.0.70.0
Adobe Flash Player  7.0.69.0
Adobe Flash Player  7
Adobe Flash Player  10
Adobe Flash CS4 Professional  0
Adobe Flash CS3 Professional  0
Adobe AIR  1.5



-\\Not Vulnerable:
Sun OpenSolaris  build snv_111
Adobe Flash Player 10.0.22 .87
Adobe AIR 1.5.1



-\\Discussion
Adobe Flash Player is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges
 of the user running the application.  Failed exploit attempts will likely crash
 the application, denying service to legitimate users.

Versions prior to Flash Player 10.0.12.36 are vulnerable.



-\\Exploit(s)/PoC(s):
The following proof-of-concept code is available:


============================
http://www.securityfocus.com/data/vulnerabilities/exploits/flash9f.ocx_9.00.0124.0000_crash.rar



-\\Solution
The vendor released an advisory and updates. Please see the references for more information.


S.u.S.E. openSUSE  11.0
--S.u.S.E.  flash-player-9.0.159.0-0.1.i586.rpm
http://download.opensuse.org/update/11.0/rpm/i586/flash-player-9.0.159.0-0.1.i586.rphttp:
//download.opensuse.org/update/11.0/rpm/i586/flash-player-9.0.159.0-0.1.i586.rpm

S.u.S.E. openSUSE  10.3
--S.u.S.E.  flash-player-9.0.159.0-0.1.i586.rpm
http://download.opensuse.org/update/11.0/rpm/i586/flash-player-9.0.159.0-0.1.i586.rphttp:
//download.opensuse.org/update/11.0/rpm/i586/flash-player-9.0.159.0-0.1.i586.rpm

S.u.S.E. openSUSE  11.1
--S.u.S.E.  flash-player-10.0.22.87-0.1.1.i586.rpm
http://download.opensuse.org/update/11.1/rpm/i586/flash-player-10.0.22.87-0.1.1.i586.rphttp:
//download.opensuse.org/update/11.1/rpm/i586/flash-player-10.0.22.87-0.1.1.i586.rpm

Adobe Flash Player Plugin 7.0.25
--Adobe  Flash Player - current
http://www.adobe.com/go/getflashplayehttp://www.adobe.com/go/getflashplayer

Adobe Flash Player Plugin 7.0.63
--Adobe  Flash Player - current
http://www.adobe.com/go/getflashplayehttp://www.adobe.com/go/getflashplayer

Adobe Flash Player Plugin 8.0
--Adobe  Flash Player - current
http://www.adobe.com/go/getflashplayehttp://www.adobe.com/go/getflashplayer

Adobe Flash Player Plugin 9.0.16
--Adobe  Flash Player - current
http://www.adobe.com/go/getflashplayehttp://www.adobe.com/go/getflashplayer

Adobe Flash Player Plugin 9.0.20 .0
--Adobe  Flash Player - current
http://www.adobe.com/go/getflashplayehttp://www.adobe.com/go/getflashplayer



-\\Reference(s)
--Adobe Flash Homepage
http://www.adobe.com/products/flash  (Adobe)
--Adobe Flash Player Invalid Object Reference Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=77  (iDefense Labs)
--Flash9f.ocx,  Flash Player Plugin 9.00.0124.0000 Bad Pointer Vuln. Exploitable.
http://www.vallejo.cc/proyectos/flash9f.ocx_9.00.0124.0000.ht  (Javier Vicente Vallejo)
--iDefense Security Advisory 02.24.09: Adobe Flash Player Invalid Object Reference
http://www.securityfocus.com/archive/1/50119  (iDefense Labs < This e-mail address is being protected from spambots. You need JavaScript enabled to view it >)
--APSB09-01 Flash Player update available to address security vulnerabilities
http://www.adobe.com/support/security/bulletins/apsb09-01.htm  (Adobe)
--ASA-2009-101 Multiple Security Vulnerabilities in the Adobe Flash Player
http://support.avaya.com/elmodocs2/security/ASA-2009-101.ht  (Avaya)
--Solution 254909: Multiple Security Vulnerabilities in the Adobe Flash Player for
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-  (Sun)
 

Security Services by HSC

Contact us

Become partner
Advertise with us
Join our staff