CVE-2009-1862
CVE-2009-1862
In short
Adobe Reader, Acrobat, and Flash Player contain a memory corruption vulnerability that allows attackers to run malicious code or crash the application by opening specially crafted PDF or Flash files. This flaw was actively exploited in the wild during July 2009.
Technical detail
CWE-787 (out-of-bounds write) in authplay.dll affects Adobe Reader/Acrobat 9.0–9.1.2 and Flash Player 9.0–9.0.159.0 and 10.0–10.0.22.87. Remote attackers can trigger memory corruption through malicious Flash content embedded in PDFs or standalone .swf files, leading to arbitrary code execution or denial of service.
Summary generated and translated by AI from the official description.
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.htmlhttp://bugs.adobe.com/jira/browse/FP-1265http://isc.sans.org/diary.html?storyid=6847http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.htmlhttp://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlhttp://news.cnet.com/8301-27080_3-10293389-245.htmlhttp://secunia.com/advisories/36193http://secunia.com/advisories/36374http://secunia.com/advisories/36701http://security.gentoo.org/glsa/glsa-200908-04.xmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1http://support.apple.com/kb/HT3864