Oval Definition:	oval:org.mitre.oval:def:6593
Revision Date: 2015-03-16 Version: 45 Title: Adobe Flash Player Invalid Object Reference Remote Code Execution Description: Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2009-0520 Platform(s): Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Product(s): Adobe AIR Adobe Flash Player Definition Synopsis Adobe Flash Player section Adobe Flash Player is installed AND Vulnerable version of Adobe Flash Player Adobe Flash Player version installed on the system is less than 9.0.159.0 OR Vulnerable version of Adobe Flash Player 10 Adobe Flash Player version installed on the system is greater than or equal 10.0 AND Adobe Flash Player version installed on the system is less than 10.0.22.87 OR Flash.ocx section Determine if the version of Flash.ocx is less than 9.0.159.0 OR Vulnerable version of Flash.ocx Determine if the version of Flash.ocx is greater than or equal 10.0 AND Determine if the version of Flash.ocx is less than 10.0.22.87 Adobe AIR section Adobe AIR is installed AND Check if the version of Adobe AIR is less than or equal 1.5
BACK