Description
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by iDefense · text · dos · multiple
https://www.exploit-db.com/exploits/33133
References (19)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52185
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2086
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200908-04.xml
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3864
Various Sources x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb09-13.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15955
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35902
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022629
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35890
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/56776
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb09-10.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36374
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6865
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3865
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36193
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36701
Scores
EPSS
0.1853
EPSS Percentile
95.3%
Details
CWE
CWE-119
Status
published
Products (37)
adobe/air 1.0
adobe/air 1.01
adobe/air 1.1
adobe/air 1.5
adobe/air < 1.5.1
adobe/flash_player 7.0
adobe/flash_player 7.0.1
adobe/flash_player 7.0.25
adobe/flash_player 7.0.63 (2 CPE variants)
adobe/flash_player 7.0.69.0
... and 27 more
Published
Jul 31, 2009
Tracked Since
Feb 18, 2026