9.3
CVE-2009-1862
- EPSS 25.01%
- Veröffentlicht 23.07.2009 20:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Acrobat Reader Version >= 9.0 <= 9.1.2
Adobe ≫ Flash Player Version >= 9.0 <= 9.0.159.0
Adobe ≫ Flash Player Version >= 10.0 <= 10.0.22.87
08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
SchwachstelleAdobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).
BeschreibungFor Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 25.01% | 0.976 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://secunia.com/advisories/36701
http://support.apple.com/kb/HT3865
http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
http://bugs.adobe.com/jira/browse/FP-1265
http://isc.sans.org/diary.html?storyid=6847
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
http://news.cnet.com/8301-27080_3-10293389-245.html
http://secunia.com/advisories/36193
http://secunia.com/advisories/36374
http://security.gentoo.org/glsa/glsa-200908-04.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
http://support.apple.com/kb/HT3864
http://www.adobe.com/support/security/advisories/apsa09-03.html
http://www.adobe.com/support/security/bulletins/apsb09-10.html
http://www.adobe.com/support/security/bulletins/apsb09-13.html
http://www.kb.cert.org/vuls/id/259425
http://www.securityfocus.com/bid/35759
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-1862