CVE-2009-1862

KEV

🔴 Łataj teraz

Nieokreślona podatność w Adobe Reader i Flash Player umożliwia zdalne wykonanie kodu.

CVSS

7.8

EPSS

58.6%

Exploit

weaponized

Vendor

adobe

Opis źródłowy (NVD)

Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.

dos Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	7.8
CISA KEV (aktywnie wykorzystywane)	Tak
FIRST EPSS (prawdopodobieństwo exploita)	58.6%
Opublikowano (NVD)	2009-07-23 20:30:00 UTC
Ostatnia modyfikacja (NVD)	2026-04-22 14:13:33 UTC

Referencje

http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html (cve@mitre.org) [Broken Link, Vendor Advisory]
http://bugs.adobe.com/jira/browse/FP-1265 (cve@mitre.org) [Broken Link]
http://isc.sans.org/diary.html?storyid=6847 (cve@mitre.org) [Not Applicable]
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html (cve@mitre.org) [Mailing List, Third Party Advisory]
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html (cve@mitre.org) [Mailing List, Third Party Advisory]
http://news.cnet.com/8301-27080_3-10293389-245.html (cve@mitre.org) [Broken Link]
http://secunia.com/advisories/36193 (cve@mitre.org) [Broken Link]
http://secunia.com/advisories/36374 (cve@mitre.org) [Broken Link]
http://secunia.com/advisories/36701 (cve@mitre.org) [Broken Link]
http://security.gentoo.org/glsa/glsa-200908-04.xml (cve@mitre.org) [Third Party Advisory]
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 (cve@mitre.org) [Broken Link]
http://support.apple.com/kb/HT3864 (cve@mitre.org) [Third Party Advisory]
http://support.apple.com/kb/HT3865 (cve@mitre.org) [Third Party Advisory]
http://www.adobe.com/support/security/advisories/apsa09-03.html (cve@mitre.org) [Vendor Advisory]
http://www.adobe.com/support/security/bulletins/apsb09-10.html (cve@mitre.org) [Not Applicable]
http://www.adobe.com/support/security/bulletins/apsb09-13.html (cve@mitre.org) [Not Applicable]
http://www.kb.cert.org/vuls/id/259425 (cve@mitre.org) [Third Party Advisory, US Government Resource]
http://www.securityfocus.com/bid/35759 (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99 (cve@mitre.org) [Broken Link]
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability (cve@mitre.org) [Broken Link]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-1862 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]