CVE-2009-1862

Summary

CVE	CVE-2009-1862
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2009-07-23 20:30:00 UTC
Updated	2026-04-22 14:13:33 UTC
Description	Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.

Risk And Classification

Primary CVSS: v3.1 7.8 HIGH from [email protected]

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.585660000 probability, percentile 0.982150000 (date 2026-04-24)

CISA KEV: Listed on 2022-06-08; due 2022-06-22; ransomware use Unknown

Problem Types: CWE-787 | n/a | CWE-787 CWE-787 Out-of-bounds Write

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Primary	7.8	HIGH	`CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`
3.1	ADP	DECLARED	7.8	HIGH	`CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`
3.1	134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	7.8	HIGH	`CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`
2.0	[email protected]	Primary	9.3		`AV:N/AC:M/Au:N/C:C/I:C/A:C`

CVSS v3.1 Breakdown

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

CISA Known Exploited Vulnerability

Vendor	Adobe
Product	Acrobat and Reader, Flash Player
Name	Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
Required Action	For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.
Notes	https://nvd.nist.gov/vuln/detail/CVE-2009-1862

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Adobe	Acrobat	All	All	All	All
Application	Adobe	Acrobat Reader	All	All	All	All
Application	Adobe	Flash Player	All	All	All	All
Application	Adobe	Flash Player	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
Adobe Product Security Incident Response Team (PSIRT): Potential Adobe Reader, Acrobat, and Flash Player issue	af854a3a-2127-422b-91ae-364da2661108	blogs.adobe.com	Broken Link, Vendor Advisory
sunsolve.sun.com/search/document.do	af854a3a-2127-422b-91ae-364da2661108	sunsolve.sun.com	Broken Link
US-CERT Vulnerability Note VU#259425	af854a3a-2127-422b-91ae-364da2661108	www.kb.cert.org	Third Party Advisory, US Government Resource
Gentoo update for adobe-flash and acroread - Secunia Advisories - Vulnerability Information - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Broken Link
Trojan.Pidief.G \| Symantec	af854a3a-2127-422b-91ae-364da2661108	www.symantec.com	Broken Link
About the security content of the Mac OS X v10.6.1 Update	af854a3a-2127-422b-91ae-364da2661108	support.apple.com	Third Party Advisory
Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Broken Link, Third Party Advisory, VDB Entry
Adobe investigating zero-day bug in Flash \| InSecurity Complex - CNET News	af854a3a-2127-422b-91ae-364da2661108	news.cnet.com	Broken Link
Next-Generation Flash Vulnerability \| Symantec Connect	af854a3a-2127-422b-91ae-364da2661108	www.symantec.com	Broken Link
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Broken Link
Adobe - Security Bulletins: APSB09-10 Security Updates available for Adobe Flash Player, Adobe Reader and Acrobat	af854a3a-2127-422b-91ae-364da2661108	www.adobe.com	Not Applicable
Login Required - Adobe Bug System	af854a3a-2127-422b-91ae-364da2661108	bugs.adobe.com	Broken Link
Adobe - Security Bulletins: APSB09-13 Security Update available for Flex SDK	af854a3a-2127-422b-91ae-364da2661108	www.adobe.com	Not Applicable
Adobe Flex Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Broken Link
Gentoo Linux Documentation -- Adobe products: Multiple vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	security.gentoo.org	Third Party Advisory
www.cisa.gov/known-exploited-vulnerabilities-catalog	134c704f-9b21-4f2e-91b3-4a467353bcc0	www.cisa.gov	US Government Resource
YA0D (Yet Another 0-Day) in Adobe Flash player	af854a3a-2127-422b-91ae-364da2661108	isc.sans.org	Not Applicable
About Security Update 2009-005	af854a3a-2127-422b-91ae-364da2661108	support.apple.com	Third Party Advisory
APPLE-SA-2009-09-10-2 Security Update 2009-005	af854a3a-2127-422b-91ae-364da2661108	lists.apple.com	Mailing List, Third Party Advisory
APPLE-SA-2009-09-10-1 Mac OS X v10.6.1	af854a3a-2127-422b-91ae-364da2661108	lists.apple.com	Mailing List, Third Party Advisory
Adobe - Security Advisories: APSA09-03 - Security Advisory for Adobe Reader, Acrobat and Flash Player	af854a3a-2127-422b-91ae-364da2661108	www.adobe.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis
CISA Known Exploited Vulnerabilities catalog	CISA	www.cisa.gov	kev

No vendor comments have been submitted for this CVE.

Additional Advisory Data

Source	Time	Event
ADP	2022-06-08T00:00:00.000Z	CVE-2009-1862 added to CISA KEV

There are currently no legacy QID mappings associated with this CVE.