Published: 31/07/2009 Updated: 29/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Heap-based buffer overflow in Adobe Flash Player prior to 9.0.246.0 and 10.x prior to 10.0.32.18, and Adobe AIR prior to 1.5.2, allows malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe flash player 10.0.0.584
adobe flash player 9.0.28
adobe flash player 9.0.20.0
adobe flash player 7.0
adobe flash player 7.0.1
adobe flash player 8.0.34.0
adobe flash player 8.0.35.0
adobe flash player 7.1
adobe flash player 9.0.48.0
adobe flash player 9.0.47.0
adobe flash player 9.0.45.0
adobe flash player 9.0.124.0
adobe flash player 9.0.115.0
adobe flash player 7.0.69.0
adobe flash player 7.1.1
adobe flash player 8.0
adobe flash player 7.0.25
adobe air 1.5
adobe air 1.1
adobe flash player 9.0.31.0
adobe flash player 9.0.28.0
adobe flash player 9.0.114.0
adobe flex 3.0
adobe flash player 7.2
adobe flash player 8.0.24.0
adobe flash player 7.0.70.0
adobe air
adobe air 1.01
adobe air 1.0
adobe flash player 10.0.12.10
adobe flash player 10.0.12.36
adobe flash player 9.0.20
adobe flash player 9.0.16
adobe flash player 7.0.63
adobe flash player 8.0.39.0
adobe flash player
adobe flash player 9.0.112.0

Synopsis Critical: flash-plugin security update Type/Severity Security Advisory: Critical Topic An updated Adobe Flash Player package that fixes multiple security issuesis now available for Red Hat Enterprise Linux 3 and 4 ExtrasThis update has been rated as having critical security impact by the RedHat Se ...

Synopsis Critical: flash-plugin security update Type/Severity Security Advisory: Critical Topic An updated Adobe Flash Player package that fixes multiple security issuesis now available for Red Hat Enterprise Linux 5 SupplementaryThis update has been rated as having critical security impact by the RedHat S ...

source: wwwsecurityfocuscom/bid/35902/info Adobe Flash Player and Adobe AIR are prone to a heap-based buffer-overflow vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application Failed attacks may cause a denial-of-service condition This issue was previously covered in BID 35890 (Adobe ...

CWE-119 http://www.vupen.com/english/advisories/2009/2086 http://www.securityfocus.com/bid/35890 http://www.adobe.com/support/security/bulletins/apsb09-10.html http://www.securitytracker.com/id?1022629 http://www.securityfocus.com/bid/35902 http://osvdb.org/56776 http://security.gentoo.org/glsa/glsa-200908-04.xml http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://www.adobe.com/support/security/bulletins/apsb09-13.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://support.apple.com/kb/HT3865 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://secunia.com/advisories/36701 http://support.apple.com/kb/HT3864 https://exchange.xforce.ibmcloud.com/vulnerabilities/52185 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6865 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15955 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2009:1189 https://www.exploit-db.com/exploits/33133/

CVE-2009-1868

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect