CVE-2009-1862

Publication date 23 July 2009

Last updated 25 August 2025

Ubuntu priority

Cvss 3 Severity Score

Description

Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
adobe-flashplugin	9.10 karmic	Fixed 10.0.32.18-1karmic2
	9.04 jaunty	Fixed 10.0.32.18-1jaunty1
	8.10 intrepid	Fixed 10.0.32.18-1intrepid1
	8.04 LTS hardy	Fixed 10.0.32.18-1hardy1
	6.06 LTS dapper	Not in release
flashplugin-nonfree	9.10 karmic	Fixed 10.0.32.18ubuntu1
	9.04 jaunty	Fixed 10.0.32.18ubuntu0.9.04.1
	8.10 intrepid	Fixed 10.0.32.18ubuntu0.8.10.1
	8.04 LTS hardy	Fixed 9.0.246.0ubuntu1
	6.06 LTS dapper	Ignored

Severity score breakdown

Parameter	Value
Base score	7.8 · High
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2009-1862

Cvss 3 Severity Score

Description

Status

Severity score breakdown

References

Other references

Access our resources on patching vulnerabilities