Integer Overflow in Adobe Flash Player and AIR AVM2 Parser
CVE-2009-1869

Currently unrated

Key Information:

Vendor: Adobe
Status: Air; Flash Player; Flex
Vendor: CVE Published:; 31 July 2009

Summary

An integer overflow vulnerability exists in the ActionScript Virtual Machine 2 (AVM2) abcFile parser within Adobe Flash Player and Adobe AIR. This flaw can be exploited by attackers to cause a denial of service, leading to application crashes, or potentially execute arbitrary code by crafting a specific AVM2 file with a large intrf_count value. The resultant dereferencing of an out-of-bounds pointer poses significant security risks for affected versions.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

http://lists.apple.com/archives/security-announce/2009/Se...

vendor-advisoryx_refsource_APPLE

http://security.gentoo.org/glsa/glsa-200908-04.xml

vendor-advisoryx_refsource_GENTOO

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 31, 2009
Vulnerability Reserved
Jun 1, 2009