CVE-2009-1862

{"id": "CVE-2009-1862", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2009-07-23T20:30:00.233", "references": [{"url": "http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://bugs.adobe.com/jira/browse/FP-1265", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://isc.sans.org/diary.html?storyid=6847", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://news.cnet.com/8301-27080_3-10293389-245.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36193", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36374", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36701", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200908-04.xml", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://support.apple.com/kb/HT3864", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.apple.com/kb/HT3865", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.adobe.com/support/security/advisories/apsa09-03.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/259425", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/35759", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability", "tags": ["Broken Link"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en Adobe Reader , Acrobat de la v9.x a la v9.1.2 y Adobe Flash Player v9.x a la v9.0.159.0 y v10.x a la v10.0.22.87, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1)una aplicaci\u00f3n flash manipulada en un archivo .pdf o (2) un archivo .swf. Relacionado con el authplay.dll, como se ha explotado p\u00fablicamente en julio del 2009."}], "lastModified": "2024-06-28T14:20:12.417", "cisaActionDue": "2022-06-22", "cisaExploitAdd": "2022-06-08", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9BDD6C1-0E21-40D1-9C94-C8D79F6AA217", "versionEndIncluding": "9.1.2", "versionStartIncluding": "9.0"}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3D940BB-0388-471A-9691-CABE00466068", "versionEndIncluding": "9.1.2", "versionStartIncluding": "9.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "452F2EAC-9EFB-4899-8F2F-A1EE2B796BEE", "versionEndIncluding": "9.0.159.0", "versionStartIncluding": "9.0"}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5113E8EC-D47F-4BAE-855E-915FA8870AE1", "versionEndIncluding": "10.0.22.87", "versionStartIncluding": "10.0"}], "operator": "OR"}]}], "evaluatorImpact": "Per: http://www.kb.cert.org/vuls/id/259425\r\n\r\n\"Adobe Flash is a widely deployed multimedia platform typically used to provide content in web sites. Adobe Flash Player, Reader, Acrobat, and other Adobe products include Flash support.\r\n\r\nAdobe Flash Player contains a code execution vulnerability. An attacker may be able to trigger this vulnerability by convincing a user to open a specially crafted Flash (SWF) file. The SWF file could be hosted or embedded in a web page or contained in a Portable Document Format (PDF) file. If an attacker can take control of a website or web server, trusted sites may exploit this vulnerability.\r\n\r\nThis vulnerability affects Adobe Flash versions 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x versions. Adobe Reader 9, Acrobat 9, and other Adobe products (including Photoshop CS3, PhotoShop Lightroom, Freehand MX, Fireworks) provide Flash support independent of Flash Player. As of 2009-07-22, Adobe Reader 9.1.2 includes Flash 9.0.155.0, which is likely vulnerable to issues addressed by Flash 9.0.159.0\"", "sourceIdentifier": "cve@mitre.org", "cisaRequiredAction": "For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.", "cisaVulnerabilityName": "Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability"}