Adobe Flash Out-of-Bounds Memory Read DoS

Aleph Research Advisory

Identifier

Severity

Moderate

Product

Adobe Flash

Vulnerable Version

v10.0.12.36 and earlier

Mitigation

Install v10.0.22.87/v9.0.159.0 or later.

Technical Details

A lack of input validation allows a specially crafted SWF file to cause Flash Player to perform an arbitrary memory read. Exploiting the issue results in a DoS (i.e., it crashes the browser). Further analysis might show that it can lead to arbitrary code execution as well.

Timeline

Credit

External References