CVE-2009-1862
HIGH KEV
Adobe Acrobat and Reader 9.0-9.1.2 and Flash Player 9.0-9.0.159.0 - Remote Code Execution via Crafted Flash Content
Title source: llm
Exploitation Summary
CVE-2009-1862 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 8, 2022.
Description
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
References (21)
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-1862
Broken Link vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/259425
Broken Link x_refsource_misc
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99
Mailing List, Third Party Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200908-04.xml
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT3864
Not Applicable x_refsource_misc
http://isc.sans.org/diary.html?storyid=6847
Not Applicable x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb09-13.html
Broken Link, Vendor Advisory x_refsource_misc
http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
Broken Link x_refsource_misc
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
Mailing List, Third Party Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Broken Link x_refsource_misc
http://bugs.adobe.com/jira/browse/FP-1265
Not Applicable x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb09-10.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36374
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT3865
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36193
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36701
Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/advisories/apsa09-03.html
Broken Link x_refsource_misc
http://news.cnet.com/8301-27080_3-10293389-245.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35759
Scores
CVSS v3: 7.8
EPSS: 0.5857
EPSS Percentile: 98.3%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2022-06-08
VulnCheck KEV: 2009-07-23
InTheWild.io: 2009-09-16
ENISA EUVD: EUVD-2009-1857
CWE: CWE-787
Status: published
Products (3)
adobe/acrobat: 9.0 - 9.1.2
adobe/acrobat_reader: 9.0 - 9.1.2
adobe/flash_player: 9.0 - 9.0.159.0
Published: Jul 23, 2009
KEV Added: Jun 08, 2022
Tracked Since: Feb 18, 2026