Rapid7 Vulnerability & Exploit Database

RHSA-2009:0332: flash-plugin security update

Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 02/26/2009
Created: 07/25/2018
Added: 09/12/2009
Modified: 07/04/2017

Description

The flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in.

Multiple input validation flaws were found in the way Flash Player displayed certain SWF (Shockwave Flash) content. An attacker could use these flaws to create a specially-crafted SWF file that could cause flash-plugin to crash, or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-0520, CVE-2009-0519)

It was discovered that Adobe Flash Player had an insecure RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. A local user with write access to the directory pointed to by RPATH could use this flaw to execute arbitrary code with the privileges of the user running Adobe Flash Player. (CVE-2009-0521)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.0.22.87.
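For the RPATH issue described above, one way to audit a binary's library search path from the text printed by `readelf -d`. This is an added example, not code from Red Hat, Adobe or Rapid7; the function names are hypothetical and the sample dynamic-section text is constructed, not taken from the flash-plugin binary.

```python
import os
import re
import stat

# Matches the RPATH/RUNPATH rows printed by `readelf -d <file>`.
_TAG = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path:\s*\[(.*)\]")

def rpath_entries(readelf_output):
    """Return (tag, directory) pairs found in `readelf -d` text."""
    pairs = []
    for line in readelf_output.splitlines():
        m = _TAG.search(line)
        if m:
            # Entries are colon-separated; an empty entry means the
            # current working directory of the process.
            pairs.extend((m.group(1), d) for d in m.group(2).split(":"))
    return pairs

def audit_dir(path):
    """Return a finding for a risky search directory, else None."""
    if not os.path.isabs(path):
        # Covers empty, relative and $ORIGIN-style entries.
        return "not an absolute path; resolved at run time"
    try:
        st = os.stat(path)
    except OSError:
        return "cannot be inspected (missing or inaccessible)"
    if not stat.S_ISDIR(st.st_mode):
        return "not a directory"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "writable by group or other (mode %o)" % stat.S_IMODE(st.st_mode)
    return None

def audit(readelf_output):
    """Map each risky RPATH/RUNPATH directory to its finding."""
    findings = {}
    for tag, d in rpath_entries(readelf_output):
        reason = audit_dir(d)
        if reason:
            findings[d] = "%s: %s" % (tag, reason)
    return findings

# Constructed sample, not taken from the flash-plugin binary.
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/:build/lib:]
"""

if __name__ == "__main__":
    for d, why in audit(SAMPLE).items():
        print(repr(d), "->", why)
```

The check looks only at each listed directory itself; parent directories and directory ownership still need a separate review.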

Solution(s)

  • redhat-upgrade-flash-plugin
