Lucene search

MitreCVE-2009-1869

HistoryJul 31, 2009 - 7:30 p.m.

CVE-2009-1869

2009-07-3119:30:00

CWE-189

mitre

web.nvd.nist.gov

cve-2009-1869

adobe flash player

avm2

integer overflow

denial of service

remote code execution

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.478

Percentile

97.5%

JSON

Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.

Affected configurations

Nvd

Node

adobeairRange≤1.5.1

adobeairMatch1.0

adobeairMatch1.01

adobeairMatch1.1

adobeairMatch1.5

adobeflash_playerRange≤10.0.22.87

adobeflash_playerMatch7.0

adobeflash_playerMatch7.0.1

adobeflash_playerMatch7.0.25

adobeflash_playerMatch7.0.63

adobeflash_playerMatch7.0.63linux

adobeflash_playerMatch7.0.69.0

adobeflash_playerMatch7.0.70.0

adobeflash_playerMatch7.1

adobeflash_playerMatch7.1.1

adobeflash_playerMatch7.2

adobeflash_playerMatch8.0

adobeflash_playerMatch8.0basic

adobeflash_playerMatch8.0pro

adobeflash_playerMatch8.0.24.0

adobeflash_playerMatch8.0.34.0

adobeflash_playerMatch8.0.35.0

adobeflash_playerMatch8.0.39.0

adobeflash_playerMatch9.0.16

adobeflash_playerMatch9.0.20

adobeflash_playerMatch9.0.20.0

adobeflash_playerMatch9.0.28

adobeflash_playerMatch9.0.28.0

adobeflash_playerMatch9.0.31.0

adobeflash_playerMatch9.0.45.0

adobeflash_playerMatch9.0.47.0

adobeflash_playerMatch9.0.48.0

adobeflash_playerMatch9.0.112.0

adobeflash_playerMatch9.0.114.0

adobeflash_playerMatch9.0.115.0

adobeflash_playerMatch9.0.124.0

adobeflash_playerMatch10.0.0.584

adobeflash_playerMatch10.0.12.10

adobeflash_playerMatch10.0.12.36

adobeflexMatch3.0

VendorProductVersionCPE
adobeair*cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
adobeair1.0cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*
adobeair1.01cpe:2.3:a:adobe:air:1.01:*:*:*:*:*:*:*
adobeair1.1cpe:2.3:a:adobe:air:1.1:*:*:*:*:*:*:*
adobeair1.5cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
adobeflash_player7.0cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*
adobeflash_player7.0.1cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*
adobeflash_player7.0.25cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*
adobeflash_player7.0.63cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	air	*	cpe:2.3:a:adobe:air::::::::
adobe	air	1.0	cpe:2.3:a:adobe:air:1.0:::::::*
adobe	air	1.01	cpe:2.3:a:adobe:air:1.01:::::::*
adobe	air	1.1	cpe:2.3:a:adobe:air:1.1:::::::*
adobe	air	1.5	cpe:2.3:a:adobe:air:1.5:::::::*
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player::::::::
adobe	flash_player	7.0	cpe:2.3:a:adobe:flash_player:7.0:::::::*
adobe	flash_player	7.0.1	cpe:2.3:a:adobe:flash_player:7.0.1:::::::*
adobe	flash_player	7.0.25	cpe:2.3:a:adobe:flash_player:7.0.25:::::::*
adobe	flash_player	7.0.63	cpe:2.3:a:adobe:flash_player:7.0.63:::::::*