SAINT CorporationSAINT:2735AEF5B8DC241BDFD2300F4C9EC42EAdobe Flash Player authplay.dll vulnerability
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.559 Medium
EPSS
Percentile
97.7%
Added: 08/26/2009
CVE: CVE-2009-1862
BID: 35759
OSVDB: 56282
Background
Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.
Problem
A vulnerability in **authplay.dll** in Adobe Flash Player allows command execution when a user opens a specially crafted .swf file.
Resolution
Apply the update referenced in APSB09-10.
References
<http://www.adobe.com/support/security/advisories/apsa09-03.html>
<http://www.kb.cert.org/vuls/id/259425>
Limitations
Exploit works on Flash Player 10.0.22.87 and requires a user to load the exploit page into Internet Explorer 6 or 7.
After a user loads the exploit page, there may be a delay before the exploit succeeds.
Platforms
Windows XP
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.559 Medium
EPSS
Percentile
97.7%