CVE-2009-1862
Published: 23 July 2009
Summary
CVE-2009-1862 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Adobe Flash Player. Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 1.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-18 (Mobile Code) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability is an unspecified flaw, tracked as CWE-787, that affects Adobe Reader and Acrobat versions 9.x through 9.1.2 as well as Adobe Flash Player versions 9.x through 9.0.159.0 and 10.x through 10.0.22.87. It resides in authplay.dll and manifests as memory corruption when the software processes a crafted Flash application embedded in a PDF or a standalone crafted SWF file.
Remote attackers can exploit the issue by supplying malicious files that trigger the corruption, resulting in arbitrary code execution or a denial of service. The vulnerability was observed being exploited in the wild during July 2009, with the attack vector requiring the victim to open the crafted document or Flash content.
Adobe PSIRT and subsequent Apple security advisories address mitigation through updated releases that correct the memory-handling defect in both Reader/Acrobat and Flash Player; organizations are advised to apply the patches promptly and to restrict processing of untrusted PDF or SWF content until remediation is complete.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2009-1857
Vulnerability details
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted…
more
Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
- CWE(s)
- KEV Date Added
- 08 June 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires applying vendor patches that correct the memory-corruption flaw in authplay.dll before exploitation occurs.
Explicitly governs the use and execution of mobile code (Flash/SWF) embedded in PDFs or standalone files, blocking the attack vector.
Enforces disabling or restricting unnecessary PDF/Flash processing capabilities until patches are applied, limiting the attack surface.