9.3
CVSSv2

CVE-2009-1868

Published: 31/07/2009 Updated: 29/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in Adobe Flash Player prior to 9.0.246.0 and 10.x prior to 10.0.32.18, and Adobe AIR prior to 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.

Affected Products

Vendor Product Versions
AdobeAir1.0, 1.1, 1.5, 1.5.1
AdobeFlash Player7.0, 7.0.1, 7.0.25, 7.0.63, 7.0.69.0, 7.0.70.0, 7.1, 7.1.1, 7.2, 8.0, 8.0.24.0, 8.0.34.0, 8.0.35.0, 8.0.39.0, 9.0.16, 9.0.20, 9.0.20.0, 9.0.28, 9.0.28.0, 9.0.31.0, 9.0.45.0, 9.0.47.0, 9.0.48.0, 9.0.112.0, 9.0.114.0, 9.0.115.0, 9.0.124.0, 10.0.0.584, 10.0.12.10, 10.0.12.36, 10.0.22.87
AdobeFlex3.0

Vendor Advisories

Synopsis Critical: flash-plugin security update Type/Severity Security Advisory: Critical Topic An updated Adobe Flash Player package that fixes multiple security issuesis now available for Red Hat Enterprise Linux 5 SupplementaryThis update has been rated as having critical security impact by the RedHat S ...
Synopsis Critical: flash-plugin security update Type/Severity Security Advisory: Critical Topic An updated Adobe Flash Player package that fixes multiple security issuesis now available for Red Hat Enterprise Linux 3 and 4 ExtrasThis update has been rated as having critical security impact by the RedHat Se ...

Exploits

source: wwwsecurityfocuscom/bid/35902/info Adobe Flash Player and Adobe AIR are prone to a heap-based buffer-overflow vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application Failed attacks may cause a denial-of-service condition This issue was previously covered in BID 35890 (Adobe ...