CVE-2009-1862

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2009-1862
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
http://www.kb.cert.org/vuls/id/259425 US Government Resource
http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html Vendor Advisory
http://www.securityfocus.com/bid/35759
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99
http://isc.sans.org/diary.html?storyid=6847
http://news.cnet.com/8301-27080_3-10293389-245.html
http://bugs.adobe.com/jira/browse/FP-1265
http://www.adobe.com/support/security/advisories/apsa09-03.html
http://security.gentoo.org/glsa/glsa-200908-04.xml
http://secunia.com/advisories/36193
http://secunia.com/advisories/36374
http://www.adobe.com/support/security/bulletins/apsb09-13.html
http://www.adobe.com/support/security/bulletins/apsb09-10.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
http://support.apple.com/kb/HT3865
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://support.apple.com/kb/HT3864
http://secunia.com/advisories/36701
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
Information

Published : 2009-07-23 13:30

Updated : 2009-09-15 22:31

NVD link : CVE-2009-1862

Mitre link : CVE-2009-1862

JSON object : View

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

dedicated server usa
Products Affected

adobe

  • acrobat_reader
  • flash_player
  • acrobat