CVE-2009-1862

HIGH KEV

Adobe Acrobat < 9.1.2 - Out-of-Bounds Write

Title source: rule

Description

Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.

References (21)

[Broken Link, Vendor Advisory] http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html

[Broken Link] http://bugs.adobe.com/jira/browse/FP-1265

[Not Applicable] http://isc.sans.org/diary.html?storyid=6847

[Mailing List, Third Party Advisory] http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html

[Mailing List, Third Party Advisory] http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

[Broken Link] http://news.cnet.com/8301-27080_3-10293389-245.html

[Broken Link] http://secunia.com/advisories/36193

[Broken Link] http://secunia.com/advisories/36374

[Broken Link] http://secunia.com/advisories/36701

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200908-04.xml

[Broken Link] http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1

[Third Party Advisory] http://support.apple.com/kb/HT3864

[Third Party Advisory] http://support.apple.com/kb/HT3865

[Vendor Advisory] http://www.adobe.com/support/security/advisories/apsa09-03.html

[Not Applicable] http://www.adobe.com/support/security/bulletins/apsb09-10.html

[Not Applicable] http://www.adobe.com/support/security/bulletins/apsb09-13.html

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/259425

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/35759

[Broken Link] http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99

[Broken Link] http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability

... and 1 more

Scores

CVSS v3 7.8

EPSS 0.5857

EPSS Percentile 98.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2022-06-08

VulnCheck KEV 2009-07-23

InTheWild.io 2009-09-16

ENISA EUVD EUVD-2009-1857

Classification

CWE

CWE-787

Status draft

Affected Products (3)

adobe/acrobat < 9.1.2

adobe/acrobat_reader < 9.1.2

adobe/flash_player < 9.0.159.0

Timeline

Published Jul 23, 2009

KEV Added Jun 08, 2022

Tracked Since Feb 18, 2026