返回 CVE 瀏覽器

CVE-2009-1862

Known Exploited (CISA KEV)HIGH

7.8

CVSS Severity Score

EPSS Score89.4880%

EPSS Percentile91.72th

Published2009年7月23日

Last Modified2026年4月22日

Vulnerability Description

Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.

Affected Platforms (CPE)

📦

Adobe

Acrobat

>= 9.0 and <= 9.1.2

📦

Adobe

Acrobat Reader

>= 9.0 and <= 9.1.2

📦

Adobe

Flash Player

>= 9.0 and <= 9.0.159.0

📦

Adobe

Flash Player

>= 10.0 and <= 10.0.22.87

References & Advisories

🔗 http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html

🔗 http://bugs.adobe.com/jira/browse/FP-1265

🔗 http://isc.sans.org/diary.html?storyid=6847

🔗 http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html

🔗 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

🔗 http://news.cnet.com/8301-27080_3-10293389-245.html

🔗 http://secunia.com/advisories/36193

🔗 http://secunia.com/advisories/36374

相關漏洞威脅

CVE-2004-063110.0

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions...

CVE-2004-115210.0

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary c...

CVE-2004-063010.0

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those bef...

CVE-2004-115310.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (appl...