Adobe Flash Player: several vulnerabilities

Synthesis of the vulnerability

Several Adobe Flash Player vulnerabilities can be used by an attacker to execute code or to obtain information.
Severity: 4/4.
Creation date: 31/07/2009.

Description of the vulnerability

Several Adobe Flash Player vulnerabilities were announced.

An attacker can generate a memory corruption in the authplay.dll library in order to execute code on the victim's computer (VIGILANCE-VUL-8881). [severity:4/4; BID-35759, CVE-2009-1862, VU#259425]

Vulnerabilities in the Microsoft Active Template Library can be used to execute code on the victim's computer (VIGILANCE-VUL-8895). [severity:3/4; BID-35828, BID-35830, BID-35832, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, VU#456745]

An attacker can elevate his privileges. [severity:3/4; BID-35900, CVE-2009-1863]

An attacker can generate a heap memory corruption, leading to code execution. [severity:4/4; BID-35904, CVE-2009-1864]

A pointer vulnerability can lead to code execution. [severity:3/4; BID-35906, CVE-2009-1865]

An attacker can generate a stack overflow leading to code execution. [severity:4/4; BID-35901, CVE-2009-1866]

An attacker can deceive the victim into clicking on a malicious link. [severity:2/4; BID-35905, CVE-2009-1867]

An attacker can use a long URL in order to generate an overflow. [severity:4/4; BID-35902, CVE-2009-1868]

An attacker can generate an integer overflow in AIR AVM2 intf_count leading to code execution. [severity:4/4; BID-35907, CVE-2009-1869]

An attacker can invite the victim to save a SWF file in order to obtain sensitive information. [severity:2/4; BID-35908, CVE-2009-1870]

Characteristics

Title: Adobe Flash Player: several vulnerabilities.
Keywords: 259425 456745 AIR AVM2 Active Adobe Flash Library Microsoft Player SWF Template intf_count several vulnerabilities.
Identifiers: 266108, 6866245, APSB09-10, BID-35759, BID-35828, BID-35830, BID-35832, BID-35890, BID-35900, BID-35901, BID-35902, BID-35904, BID-35905, BID-35906, BID-35907, BID-35908, CVE-2009-0901, CVE-2009-1862, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870, CVE-2009-2395, CVE-2009-2493, RHSA-2009:1188-01, RHSA-2009:1189-01, SUSE-SA:2009:041, TLSA-2009-24, VIGILANCE-VUL-8905, VU#259425, VU#456745.

Information sources

Publications and announcements
Source example: APSB09-10 - Security updates available for Adobe Flash Player

Solutions for this vulnerability

Patch or workaround

Supplements

Vulnerability : CVE-2009-1862

An attacker can generate a memory corruption in the authplay.dll library in order to execute code on the victim's computer (VIGILANCE-VUL-8881).
Severity: 4/4.
Identifiers: BID-35759, CVE-2009-1862, VU#259425.

Vulnerability : ATL

Vulnerabilities in the Microsoft Active Template Library can be used to execute code on the victim's computer (VIGILANCE-VUL-8895).
Severity: 3/4.
Identifiers: BID-35828, BID-35830, BID-35832, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, VU#456745.

Vulnerability : CVE-2009-1863

An attacker can elevate his privileges.
Severity: 3/4.
Identifiers: BID-35900, CVE-2009-1863.

Vulnerability : CVE-2009-1864

An attacker can generate a heap memory corruption, leading to code execution.
Severity: 4/4.
Identifiers: BID-35904, CVE-2009-1864.

Vulnerability : CVE-2009-1865

A pointer vulnerability can lead to code execution.
Severity: 3/4.
Identifiers: BID-35906, CVE-2009-1865.

Vulnerability : CVE-2009-1866

An attacker can generate a stack overflow leading to code execution.
Severity: 4/4.
Identifiers: BID-35901, CVE-2009-1866.

Vulnerability : CVE-2009-1867

An attacker can deceive the victim into clicking on a malicious link.
Severity: 2/4.
Identifiers: BID-35905, CVE-2009-1867.

Vulnerability : CVE-2009-1868

An attacker can use a long URL in order to generate an overflow.
Severity: 4/4.
Identifiers: BID-35902, CVE-2009-1868.

Vulnerability : CVE-2009-1869

An attacker can generate an integer overflow in AIR AVM2 intf_count leading to code execution.
Severity: 4/4.
Identifiers: BID-35907, CVE-2009-1869.

Vulnerability : CVE-2009-1870

An attacker can invite the victim to save a SWF file in order to obtain sensitive information.
Severity: 2/4.
Identifiers: BID-35908, CVE-2009-1870.

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.

France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services.