Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1869

CWE-1896 documents6 sources

Severity

9.3CRITICAL

EPSS

21.9%

top 4.23%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Adobe AIR Adobe Flash Player Adobe Flex

Timeline

PublishedJul 31

Latest updateMay 2

Description

Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDadobe/flash_player10.0.22.87+30

▶NVDadobe/air1.5.1+4

▶NVDadobe/flex3.0

Patches

Patch: www.adobe.com ↗Patch: www.securityfocus.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-6r68-5hx2-xfw5: Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9↗2022-05-02

▶

CVEList

CVE-2009-1869: Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9↗2009-07-31

▶

💥Exploits & PoCs

Exploit-DB

Adobe Flash Player 10.0.22 / AIR - 'intf_count' Integer Overflow↗2009-07-30

▶

📋Vendor Advisories

Red Hat

flash-plugin: multiple code execution flaws (APSB09-10)↗2009-07-30

▶

💬Community

Bugzilla

CVE-2009-4897 ghostscript: long name buffer overflow (GS 8.64)↗2010-07-12

▶