CVE-2009-1869

Currently unrated

Key Information:

Vendor: Adobe
Status: Air; Flash Player; Flex
Vendor: CVE Published:; 31 July 2009

Summary

Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

http://lists.apple.com/archives/security-announce/2009/Se...

vendor-advisoryx_refsource_APPLE

http://security.gentoo.org/glsa/glsa-200908-04.xml

vendor-advisoryx_refsource_GENTOO

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 31, 2009
Vulnerability Reserved
Jun 1, 2009