CVE-2009-1862

Name: CVE-2009-1862
Creator: NVD / NIST
Published: 2009-07-23T20:30:00.233+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10Actively ExploitedEPSS 25.01%

Last modified Jun 16, 2026

CVE-2009-1862 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.. CISA has confirmed active exploitation in the wild. EPSS estimates a 25.01% chance of exploitation in the next 30 days.

Description

Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

25.01%

97.6th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Jun 22, 2022.

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Adobe	Acrobat	>= 9.0, <= 9.1.2
Adobe	Acrobat Reader	>= 9.0, <= 9.1.2
Adobe	Flash Player	>= 9.0, <= 9.0.159.0
Adobe	Flash Player	>= 10.0, <= 10.0.22.87

References

http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.htmlBroken Link, Vendor Advisory
http://bugs.adobe.com/jira/browse/FP-1265Broken Link
http://isc.sans.org/diary.html?storyid=6847Not Applicable
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.htmlMailing List, Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlMailing List, Third Party Advisory
http://news.cnet.com/8301-27080_3-10293389-245.htmlBroken Link
http://secunia.com/advisories/36193Broken Link
http://secunia.com/advisories/36374Broken Link
http://secunia.com/advisories/36701Broken Link
http://security.gentoo.org/glsa/glsa-200908-04.xmlThird Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1Broken Link
http://support.apple.com/kb/HT3864Third Party Advisory
http://support.apple.com/kb/HT3865Third Party Advisory
http://www.adobe.com/support/security/advisories/apsa09-03.htmlVendor Advisory
http://www.adobe.com/support/security/bulletins/apsb09-10.htmlNot Applicable
http://www.adobe.com/support/security/bulletins/apsb09-13.htmlNot Applicable
http://www.kb.cert.org/vuls/id/259425Third Party Advisory, US Government Resource
http://www.securityfocus.com/bid/35759Broken Link, Third Party Advisory, VDB Entry
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99Broken Link
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerabilityBroken Link
http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.htmlBroken Link, Vendor Advisory
http://bugs.adobe.com/jira/browse/FP-1265Broken Link
http://isc.sans.org/diary.html?storyid=6847Not Applicable
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.htmlMailing List, Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlMailing List, Third Party Advisory
http://news.cnet.com/8301-27080_3-10293389-245.htmlBroken Link
http://secunia.com/advisories/36193Broken Link
http://secunia.com/advisories/36374Broken Link
http://secunia.com/advisories/36701Broken Link
http://security.gentoo.org/glsa/glsa-200908-04.xmlThird Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1Broken Link
http://support.apple.com/kb/HT3864Third Party Advisory
http://support.apple.com/kb/HT3865Third Party Advisory
http://www.adobe.com/support/security/advisories/apsa09-03.htmlVendor Advisory
http://www.adobe.com/support/security/bulletins/apsb09-10.htmlNot Applicable
http://www.adobe.com/support/security/bulletins/apsb09-13.htmlNot Applicable
http://www.kb.cert.org/vuls/id/259425Third Party Advisory, US Government Resource
http://www.securityfocus.com/bid/35759Broken Link, Third Party Advisory, VDB Entry
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99Broken Link
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerabilityBroken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-1862US Government Resource

Timeline

Published: Jul 23, 2009
Last Modified: Jun 16, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2009-1862?

How severe is CVE-2009-1862?

CVE-2009-1862 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 25.01% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2009-1862?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-1862?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST