CVE-2009-1862
Published 2009-07-23
Priority P277 · high · CVSS 3.1: 7.8
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
CISA Known Exploited Vulnerability (KEV), due 2022-06-22
Exploited in the wild (ITW)
EPSS: 25.01% (97.6th percentile)
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | 9.0 – 9.1.2 | — |
| adobe | acrobat_reader | 9.0 – 9.1.2 | — |
| adobe | flash_player | 10.0 – 10.0.22.87 | — |
| adobe | flash_player | 9.0 – 9.0.159.0 | — |
Detection & IOCs (extracted from sources)
- The vulnerability is triggered through authplay.dll (libauthplay.so on Linux) loaded by Adobe Reader/Acrobat 9.x; monitor for abnormal child process spawning from AcroRd32.exe or acroread involving authplay.dll.
- Exploit can be delivered via a crafted Flash application embedded in a PDF file; inspect PDF files for embedded SWF streams as an indicator of potential exploitation.
- The vulnerability in authplay.dll/libauthplay.so only affects Adobe Reader/Acrobat 9.x; versions 7 and 8 do not ship with this component and are not directly vulnerable via PDF, though they may be vulnerable if they call out to an installed vulnerable Flash Player.
- Adobe Reader v7 and v8 can still be exploited indirectly if they call out to a separately installed vulnerable Flash Player for SWF playback; disabling Flash Player callout in Reader preferences mitigates this vector.
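A triage sketch for the "inspect PDF files for embedded SWF streams" check above, added here as an example and not taken from any of the cited sources. The function names, the name list and the sample PDF are assumptions constructed for illustration; it checks raw and FlateDecode streams for SWF signatures and reports Flash-related PDF names.

```python
import re
import zlib

# SWF file signatures: FWS (uncompressed), CWS (zlib body), ZWS (LZMA body).
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")
# PDF names used by Acrobat 9 rich-media annotations that carry Flash.
FLASH_NAMES = (b"/RichMedia", b"/Flash")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def find_embedded_swf(pdf_bytes):
    """Return (offset, encoding, signature, swf_version) per SWF-looking stream.

    Heuristic triage only: handles raw and FlateDecode streams, not object
    streams, filter chains, or encrypted documents.
    """
    findings = []
    for m in STREAM_RE.finditer(pdf_bytes):
        raw = m.group(1)
        candidates = [("raw", raw)]
        try:
            # decompressobj tolerates the trailing EOL before "endstream".
            candidates.append(("flate", zlib.decompressobj().decompress(raw)))
        except zlib.error:
            pass  # not zlib data; only the raw bytes are checked
        for encoding, data in candidates:
            # Signature plus a plausible version byte cuts false positives.
            if len(data) >= 8 and data[:3] in SWF_MAGIC and 1 <= data[3] <= 50:
                findings.append((m.start(1), encoding, data[:3].decode(), data[3]))
                break
    return findings


def flash_name_hits(pdf_bytes):
    """Return the Flash-related PDF names present in the file, sorted."""
    return sorted(n.decode() for n in FLASH_NAMES if n in pdf_bytes)


def sample_pdf(payload):
    """Build a constructed one-object PDF whose stream holds `payload`."""
    body = zlib.compress(payload)
    head = b"%PDF-1.7\n1 0 obj\n<< /Type /EmbeddedFile /Filter /FlateDecode /Length "
    return head + str(len(body)).encode() + b" >>\nstream\n" + body + b"\nendstream\nendobj\n%%EOF\n"


if __name__ == "__main__":
    # Constructed 16-byte SWF header (version 9), not a playable or malicious movie.
    fake_swf = b"CWS\x09" + (16).to_bytes(4, "little") + b"\x00" * 8
    print(find_embedded_swf(sample_pdf(fake_swf)))
    print(flash_name_hits(b"<< /Subtype /RichMedia >>"))
```

A hit means the document carries Flash content and deserves closer inspection on hosts still running the affected Reader/Acrobat 9.x builds; it does not by itself indicate exploitation.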
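CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |
| vendor_redhat | — | 7.8 | HIGH | — |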
Red Hat
kernel: btrfs: do not BUG_ON in link_to_fixup_dir
vendor_redhat·2024-03-25·CVSS 5.5
CVE-2021-47145 [MEDIUM] CWE-460 kernel: btrfs: do not BUG_ON in link_to_fixup_dir
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not BUG_ON in link_to_fixup_dir
While doing error injection testing I got the following panic
kernel BUG at fs/btrfs/tree-log.c:1862!
CISA
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
cisa·2022-06-08·CVSS 7.8
CVE-2009-1862 [HIGH] CWE-94 Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
Vulnerability: Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
Affected: Adobe Acrobat and Reader, Flash Player
Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).
Required Action: For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2009-1862
Remediation Due Date: 2022-06-22
Red Hat
flash-plugin: Remote code execution vulnerability via malicious SWF (Shockwave Flash) content
vendor_redhat·2009-07-21·CVSS 7.8
CVE-2009-1862 [HIGH] flash-plugin: Remote code execution vulnerability via malicious SWF (Shockwave Flash) content
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
GHSA
GHSA-wx6p-35hf-vhhj: Unspecified vulnerability in Adobe Reader and Acrobat 9
ghsa_unreviewed·2022-05-02
CVE-2009-1862 [HIGH] CWE-787 GHSA-wx6p-35hf-vhhj: Unspecified vulnerability in Adobe Reader and Acrobat 9
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
VulnCheck
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
vulncheck·2009·CVSS 7.8
CVE-2009-1862 [HIGH] CWE-94 Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).
Affected: Adobe Acrobat and Reader, Flash Player
Required Action: For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2009-1862; https://www.zscaler.com/blogs/security-research/wild-flash-exploit-analysis-part-1; https://www.virusbulletin.com/virusbulletin/2010/05/exploit-kit-explosion-part-two-vectors-attack/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://threatprotect.qualys
No detection rules found.
No public exploits indexed.
Zscaler
In The Wild Flash Exploit Analysis – Part 1 | Zscaler
blogs_zscaler·2009-09-10
Bugzilla
flash-plugin: multiple code execution flaws (APSB09-10)
bugzilla·2009-07-31·CVSS 7.8
[HIGH] flash-plugin: multiple code execution flaws (APSB09-10)
Adobe has released new versions of Adobe Flash Player - 9.0.246.0 and 10.0.32.18 - fixing multiple security issues allowing code execution when malicious SWF files were played, detailed in the Adobe Security Bulletin APSB09-10:
http://www.adobe.com/support/security/bulletins/apsb09-10.html
Quoting Adobe Security Bulletin:
The update for Adobe Flash Player and Adobe AIR, Adobe Reader and Acrobat resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-1862). (tracked via separate bug #513362)
The update for Adobe Flash Player and Adobe AIR resolves the privilege escalation vulnerability that could potentially lead to code execution (CVE-2009-1863).
The update for Adobe Flash Player and Ad
Bugzilla
CVE-2009-1862 acroread, flash-plugin: Remote code execution vulnerability via malicious SWF (Shockwave Flash) content
bugzilla·2009-07-23·CVSS 7.8
CVE-2009-1862 [HIGH] CVE-2009-1862 acroread, flash-plugin: Remote code execution vulnerability via malicious SWF (Shockwave Flash) content
Adobe Acrobat and Reader CVE-2009-1862 vulnerability:
A user-provided input validation flaw was found in the way Acrobat Reader used to display certain SWF (Shockwave Flash) content, embedded by a malicious Flash application in the Portable Document Format (PDF) file. An attacker could use this flaw to create a PDF file with embedded, specially-crafted SWF content, which, once opened by an unsuspecting user, would lead to an Adobe Reader crash or, possibly, arbitrary code execution in the context of the user running Adobe Reader.
Affected Adobe Acrobat and Reader versions:
The vulnerability is confirmed in 9.1.2 and earlier 9.x versions
of Adobe Reader and Acrobat.
CVE-2009-186
2009-07-23: Published
2022-06-08: Added to CISA KEV
Exploited in the wild