Published: 31/07/2009 Updated: 10/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player prior to 9.0.246.0 and 10.x prior to 10.0.32.18, and Adobe AIR prior to 1.5.2, allows malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe flash player 9.0.28.0
adobe flash player 9.0.28
adobe flex 3.0
adobe flash player 7.0
adobe flash player 8.0.24.0
adobe flash player 8.0.34.0
adobe air
adobe flash player 7.1
adobe air 1.0
adobe flash player 10.0.12.36
adobe flash player 9.0.47.0
adobe flash player 9.0.16
adobe flash player 9.0.124.0
adobe flash player 7.0.69.0
adobe flash player 7.1.1
adobe flash player 8.0
adobe flash player 9.0.112.0
adobe air 1.5
adobe flash player 9.0.45.0
adobe flash player 9.0.31.0
adobe flash player 9.0.115.0
adobe flash player 9.0.114.0
adobe flash player 7.2
adobe flash player 7.0.25
adobe flash player 7.0.70.0
adobe air 1.1
adobe air 1.01
adobe flash player 10.0.0.584
adobe flash player 10.0.12.10
adobe flash player 9.0.20.0
adobe flash player 9.0.20
adobe flash player 7.0.1
adobe flash player 7.0.63
adobe flash player 8.0.35.0
adobe flash player 8.0.39.0
adobe flash player 9.0.48.0
adobe flash player

Synopsis Critical: flash-plugin security update Type/Severity Security Advisory: Critical Topic An updated Adobe Flash Player package that fixes multiple security issuesis now available for Red Hat Enterprise Linux 3 and 4 ExtrasThis update has been rated as having critical security impact by the RedHat Se ...

Synopsis Critical: flash-plugin security update Type/Severity Security Advisory: Critical Topic An updated Adobe Flash Player package that fixes multiple security issuesis now available for Red Hat Enterprise Linux 5 SupplementaryThis update has been rated as having critical security impact by the RedHat S ...

source: wwwsecurityfocuscom/bid/35907/info Adobe Flash Player and Adobe AIR are prone to an integer-overflow vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the application Failed attacks may cause a denial-of-service condition This issue was previously covered in BID 35890 (Adobe Flash Play ...

CWE-189 http://www.securityfocus.com/bid/35890 http://www.vupen.com/english/advisories/2009/2086 http://www.adobe.com/support/security/bulletins/apsb09-10.html http://www.securitytracker.com/id?1022629 http://osvdb.org/56777 http://security.gentoo.org/glsa/glsa-200908-04.xml http://roeehay.blogspot.com/2009/08/advisory-adobe-flash-player-avm2.html http://roeehay.blogspot.com/2009/08/exploitation-of-cve-2009-1869.html http://secunia.com/advisories/36193 http://www.securityfocus.com/bid/35907 http://secunia.com/advisories/36374 http://www.adobe.com/support/security/bulletins/apsb09-13.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://support.apple.com/kb/HT3865 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://secunia.com/advisories/36701 http://support.apple.com/kb/HT3864 https://exchange.xforce.ibmcloud.com/vulnerabilities/52181 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6998 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15994 http://www.securityfocus.com/archive/1/505467/100/0/threaded https://access.redhat.com/errata/RHSA-2009:1189 https://nvd.nist.gov https://www.exploit-db.com/exploits/33134/

CVE-2009-1869

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect