Computer Security
[EN] securityvulns.ru no-pyccku


Adobe Flash Player / AIR integer overflow
updated since 03.08.2009
Published:08.08.2009
Source:
SecurityVulns ID:10116
Type:client
Threat Level:
8/10
Description:Integer overflow in intrf_count field of instance_info structure
CVE:CVE-2009-1869 (Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.)
 CVE-2009-1868 (Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 08.07.09: Adobe Flash Player Invalid Loader Object Reference Vulnerability (08.08.2009)
 documentIDEFENSE, iDefense Security Advisory 08.06.09: Adobe Flash Player URL Parsing Heap Overflow Vulnerability (07.08.2009)
 documentRoee Hay, Advisory: Adobe Flash Player and AIR AVM2 intf_count Integer Overflow Remote Code Execution (CVE-2009-1869) (03.08.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod