CVE-2009-1862HIGH
Description
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
References
http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
http://bugs.adobe.com/jira/browse/FP-1265
http://isc.sans.org/diary.html?storyid=6847
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://news.cnet.com/8301-27080_3-10293389-245.html
http://secunia.com/advisories/36193
http://secunia.com/advisories/36374
http://secunia.com/advisories/36701
http://security.gentoo.org/glsa/glsa-200908-04.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
http://support.apple.com/kb/HT3864
http://support.apple.com/kb/HT3865
http://www.adobe.com/support/security/advisories/apsa09-03.html
http://www.adobe.com/support/security/bulletins/apsb09-10.html
http://www.adobe.com/support/security/bulletins/apsb09-13.html
http://www.kb.cert.org/vuls/id/259425
http://www.securityfocus.com/bid/35759
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 63887 | RHEL 3 / 4 : flash-plugin (RHSA-2009:1189) | Nessus | Red Hat Local Security Checks | high |
| 63886 | RHEL 5 : flash-plugin (RHSA-2009:1188) | Nessus | Red Hat Local Security Checks | high |
| 51731 | SuSE 10 Security Update : flash-player (ZYPP Patch Number 6386) | Nessus | SuSE Local Security Checks | high |
| 42001 | openSUSE 10 Security Update : flash-player (flash-player-6387) | Nessus | SuSE Local Security Checks | high |
| 41392 | SuSE 11 Security Update : flash-player (SAT Patch Number 1149) | Nessus | SuSE Local Security Checks | high |
| 800786 | Mac OS X 10.6 < 10.6.1 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |
| 5162 | Mac OS X 10.6 < 10.6.1 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 40946 | Mac OS X 10.6.x < 10.6.1 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 40945 | Mac OS X Multiple Vulnerabilities (Security Update 2009-005) | Nessus | MacOS X Local Security Checks | critical |
| 40806 | Adobe Acrobat < 9.1.3 Flash Handling Unspecified Arbitrary Code Execution | Nessus | Windows | high |
| 40520 | GLSA-200908-04 : Adobe products: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 40494 | Adobe Reader < 9.1.3 Flash Handling Unspecified Arbitrary Code Execution (APSB09-10) | Nessus | Windows | high |
| 40489 | openSUSE Security Update : flash-player (flash-player-1148) | Nessus | SuSE Local Security Checks | high |
| 40488 | openSUSE Security Update : flash-player (flash-player-1148) | Nessus | SuSE Local Security Checks | high |
| 5109 | Adobe AIR < 1.5.2 Multiple Vulnerabilities (APSB09-10) | Nessus Network Monitor | Web Clients | medium |
| 40447 | Adobe AIR < 1.5.2 Multiple Vulnerabilities (APSB09-10) | Nessus | Windows | high |
| 40434 | Flash Player < 9.0.246.0 / 10.0.32.18 Multiple Vulnerabilities (APSB09-10) | Nessus | Windows | high |