Cyber Resilience

CVE-2009-1862

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 23 July 2009

Published: 23 July 2009
Modified: 22 April 2026
KEV Added: 08 June 2022
Patch
CVSS Score: v3.1 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.5857 (98.2th percentile)
Risk Priority: 71 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2009-1862 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Adobe Flash Player. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 1.8% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-18 (Mobile Code) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability is an unspecified flaw, classified as CWE-787 (Out-of-bounds Write), that affects Adobe Reader and Acrobat versions 9.x through 9.1.2 as well as Adobe Flash Player versions 9.x through 9.0.159.0 and 10.x through 10.0.22.87. It resides in authplay.dll and manifests as memory corruption when the software processes a crafted Flash application embedded in a PDF or a standalone crafted SWF file.

Remote attackers can exploit the issue by supplying malicious files that trigger the corruption, resulting in arbitrary code execution or a denial of service. The vulnerability was observed being exploited in the wild during July 2009, with the attack vector requiring the victim to open the crafted document or Flash content.

Adobe PSIRT and subsequent Apple security advisories address mitigation through updated releases that correct the memory-handling defect in both Reader/Acrobat and Flash Player; organizations are advised to apply the patches promptly and to restrict processing of untrusted PDF or SWF content until remediation is complete.

EU & UK References

Vulnerability details

Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.

CWE(s): CWE-787
KEV Date Added: 08 June 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

adobe / acrobat: 9.0 — 9.1.2
adobe / acrobat reader: 9.0 — 9.1.2
adobe / flash player: 9.0 — 9.0.159.0 · 10.0 — 10.0.22.87
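A practical first step against this CVE is to find every host still running an affected Reader, Acrobat or Flash Player build. The script below is an added example, not tooling from this page or from Adobe: it encodes the affected ranges exactly as listed above and compares inventory versions numerically, because a plain string comparison mis-orders four-part Flash versions (as strings, "9.0.99.0" sorts after "9.0.159.0" and would be reported as unaffected). The inventory lines and host names are constructed sample data; the CSV layout and the `triage` helper are assumptions of this example.

```python
"""Flag inventoried Adobe products whose version falls inside the
CVE-2009-1862 affected ranges listed on this page.

Example code added to this page; not Adobe's or the page author's tooling.
The inventory below is constructed sample data."""
from typing import Dict, List, Tuple

# Inclusive affected ranges, taken from the advisory text on this page.
AFFECTED: Dict[Tuple[str, str], List[Tuple[str, str]]] = {
    ("adobe", "acrobat"): [("9.0", "9.1.2")],
    ("adobe", "acrobat reader"): [("9.0", "9.1.2")],
    ("adobe", "flash player"): [("9.0", "9.0.159.0"), ("10.0", "10.0.22.87")],
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '9.0.159.0' into (9, 0, 159, 0) so components compare as integers.
    Non-digit characters inside a component are ignored; an empty component
    counts as 0."""
    parts = []
    for component in version.strip().split("."):
        digits = "".join(ch for ch in component if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def compare(a: Tuple[int, ...], b: Tuple[int, ...]) -> int:
    """Three-way compare with zero padding so 9.1 == 9.1.0 and 9.0 < 9.0.1."""
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def is_affected(vendor: str, product: str, version: str) -> bool:
    """True when (vendor, product) is listed and version sits inside any
    of its inclusive affected ranges."""
    ranges = AFFECTED.get((vendor.strip().lower(), product.strip().lower()), [])
    pv = parse_version(version)
    return any(
        compare(parse_version(lo), pv) <= 0 and compare(pv, parse_version(hi)) <= 0
        for lo, hi in ranges
    )


def triage(inventory_csv: str) -> List[str]:
    """Return host names from 'host,vendor,product,version' lines that are
    running an affected build. Blank lines and '#' comments are skipped."""
    hits = []
    for line in inventory_csv.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, vendor, product, version = (f.strip() for f in line.split(",", 3))
        if is_affected(vendor, product, version):
            hits.append(host)
    return hits


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = """
# host,vendor,product,version
ws-01,adobe,flash player,10.0.22.87
ws-02,adobe,flash player,10.0.45.2
ws-03,adobe,acrobat reader,9.1.2
ws-04,adobe,acrobat reader,9.1.3
ws-05,adobe,flash player,9.0.99.0
ws-06,adobe,flash player,9.1.0
"""

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: affected by CVE-2009-1862, apply vendor update")
```

Run against an export from your software inventory in the same four-column layout; hosts ws-01, ws-03 and ws-05 are reported, while ws-06 (Flash 9.1.0) is not, because the page lists only 9.x up to 9.0.159.0 and 10.x up to 10.0.22.87 as affected.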

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent (SI-2 Flaw Remediation): Directly requires applying vendor patches that correct the memory-corruption flaw in authplay.dll before exploitation occurs.

prevent (SC-18 Mobile Code): Explicitly governs the use and execution of mobile code (Flash/SWF) embedded in PDFs or standalone files, blocking the attack vector.

prevent: Enforces disabling or restricting unnecessary PDF/Flash processing capabilities until patches are applied, limiting the attack surface.

References