CVE-2009-1862
HIGH
CISA KEV
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
Published: Jul 23, 2009
Modified: Apr 22, 2026
CWE-787
CVSS Metrics
CVSSv3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products (4)
| Vendor | Product | Version |
|---|---|---|
| adobe | acrobat | * ≥ 9.0 |
| adobe | acrobat_reader | * ≥ 9.0 |
| adobe | flash_player | * ≥ 9.0 |
| adobe | flash_player | * ≥ 10.0 |
GitHub Security Advisory GHSA-wx6p-35hf-vhhj
References (41)
- http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html Broken Link, Vendor Advisory
- http://bugs.adobe.com/jira/browse/FP-1265 Broken Link
- http://isc.sans.org/diary.html?storyid=6847 Not Applicable
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html Mailing List, Third Party Advisory
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html Mailing List, Third Party Advisory
- http://news.cnet.com/8301-27080_3-10293389-245.html Broken Link
- http://secunia.com/advisories/36193 Broken Link
- http://secunia.com/advisories/36374 Broken Link
- http://secunia.com/advisories/36701 Broken Link
- http://security.gentoo.org/glsa/glsa-200908-04.xml Third Party Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 Broken Link
- http://support.apple.com/kb/HT3864 Third Party Advisory
- http://support.apple.com/kb/HT3865 Third Party Advisory
- http://www.adobe.com/support/security/advisories/apsa09-03.html Vendor Advisory
- http://www.adobe.com/support/security/bulletins/apsb09-10.html Not Applicable
Risk Scores
CVSS Score: 7.8 / 10
EPSS Score: 58.57%
Top 2% most likely to be exploited
Threat Score: 78.8 / 100
CISA Known Exploited
Date Added: 2022-06-08
Due Date: 2022-06-22
Required Action: For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.
Data Sources
NVD
CISA KEV
EPSS
GitHub