Информационная безопасность
[RU] switch to English


Целочисленнео переполнение в Adobe Flash Player / AIR
дополнено с 3 августа 2009 г.
Опубликовано:8 августа 2009 г.
Источник:
SecurityVulns ID:10116
Тип:клиент
Уровень опасности:
8/10
Описание:Целочисленное переполнение в поле intf_count структуры instance_info.
CVE:CVE-2009-1869 (Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.)
 CVE-2009-1868 (Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.)
Оригинальный текстdocumentIDEFENSE, iDefense Security Advisory 08.07.09: Adobe Flash Player Invalid Loader Object Reference Vulnerability (08.08.2009)
 documentIDEFENSE, iDefense Security Advisory 08.06.09: Adobe Flash Player URL Parsing Heap Overflow Vulnerability (07.08.2009)
 documentRoee Hay, Advisory: Adobe Flash Player and AIR AVM2 intf_count Integer Overflow Remote Code Execution (CVE-2009-1869) (03.08.2009)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород