CVE-2009-1862 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2009-1862?

CVE-2009-1862 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-1862?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat, Adobe Acrobat Reader, Adobe Flash Player.

Vulnerability Description

Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Adobe	Acrobat	>= 9.0, <= 9.1.2
Adobe	Acrobat Reader	>= 9.0, <= 9.1.2
Adobe	Flash Player	>= 9.0, <= 9.0.159.0

Related Weaknesses (CWE)

CWE-787

References

http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.htmlBroken LinkVendor Advisory
http://bugs.adobe.com/jira/browse/FP-1265Broken Link
http://isc.sans.org/diary.html?storyid=6847Not Applicable
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlMailing ListThird Party Advisory
http://news.cnet.com/8301-27080_3-10293389-245.htmlBroken Link
http://secunia.com/advisories/36193Broken Link
http://secunia.com/advisories/36374Broken Link
http://secunia.com/advisories/36701Broken Link
http://security.gentoo.org/glsa/glsa-200908-04.xmlThird Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1Broken Link
http://support.apple.com/kb/HT3864Third Party Advisory
http://support.apple.com/kb/HT3865Third Party Advisory
http://www.adobe.com/support/security/advisories/apsa09-03.htmlVendor Advisory
http://www.adobe.com/support/security/bulletins/apsb09-10.htmlNot Applicable

FAQ

What is CVE-2009-1862?

CVE-2009-1862 is a vulnerability with a CVSS score of 7.8 (HIGH). Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or ...

How severe is CVE-2009-1862?

CVE-2009-1862 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-1862?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat, Adobe Acrobat Reader, Adobe Flash Player.