CVE Database · CVE-2009-0520
CVSS v3.1
N/A
EPSS
28.48%
Published
Feb 26, 2009
Modified
Apr 22, 2026
Public PoC / Exploit (2)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."
Weaknesses (CWE)
Affected Products (38)
References (20)
