9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.559 Medium
EPSS
Percentile
97.7%
Added: 08/26/2009
CVE: CVE-2009-1862
BID: 35759
OSVDB: 56282
Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.
A vulnerability in **authplay.dll**
in Adobe Flash Player allows command execution when a user opens a specially crafted .swf file.
Apply the update referenced in APSB09-10.
<http://www.adobe.com/support/security/advisories/apsa09-03.html>
<http://www.kb.cert.org/vuls/id/259425>
Exploit works on Flash Player 10.0.22.87 and requires a user to load the exploit page into Internet Explorer 6 or 7.
After a user loads the exploit page, there may be a delay before the exploit succeeds.
Windows XP