2009-1862 | Adobe Flash Player authplay.dll code injection (BID-35759 / XFDB-51954)
|CVSS Meta Temp Score||Current Exploit Price (≈)||CTI Interest Score|
A vulnerability, which was classified as very critical, has been found in Adobe Flash Player up to 18.104.22.168 (Multimedia Player Software). This issue affects an unknown function in the library authplay.dll. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE to declare the problem leads to CWE-94. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 22.214.171.124 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
The weakness was presented 07/23/2009 with Adobe as confirmed advisory (CERT.org). The advisory is shared at kb.cert.org. The identification of this vulnerability is CVE-2009-1862 since 06/01/2009. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details are known, but no exploit is available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 08/12/2021). It is expected to see the exploit prices for this product decreasing in the near future.
The vulnerability scanner Nessus provides a plugin with the ID 40434 (Flash Player Windows. The commercial vulnerability scanner Qualys is able to test this issue with plugin 116529 (Adobe Acrobat and Reader Remote Code Execution Vulnerabilities (APSA09-03 and APSB09-10)).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 8348.
The vulnerability is also documented in the databases at SecurityFocus (BID 35759), X-Force (51954), Secunia (SA36193), Vulnerability Center (SBV-22959) and Tenable (40434). See 4049, 49229, 49228 and 49227 for similar entries.
VulDB Meta Base Score: 10.0
VulDB Meta Temp Score: 10.0
NVD Base Score: 🔍
Class: Privilege escalation
Status: Not defined
Saint ID: exploit_info/flash_authplay
Saint Name: Adobe Flash Player authplay.dll vulnerability
PaloAlto IPS: 🔍
07/21/2009 +50 days 🔍
07/21/2009 +0 days 🔍
07/23/2009 +2 days 🔍
07/23/2009 +0 days 🔍
07/26/2009 +3 days 🔍
07/30/2009 +4 days 🔍
08/07/2009 +8 days 🔍
03/18/2015 +2049 days 🔍
08/12/2021 +2339 days 🔍Vendor: https://www.adobe.com/
SecurityFocus: 35759 – Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability
Secunia: 36193 – Gentoo update for adobe-flash and acroread, Highly Critical
Vulnerability Center: 22959 – [APSB09-10, APSB09-03] Adobe Reader and Acrobat 9- 9.1.2 and Flash Player 9-126.96.36.199, 10-10.0.22.87 Remote Code Execution, Medium
See also: 🔍
Created: 03/18/2015 15:15
Updated: 08/12/2021 20:45
Changes: (3) source_nessus_risk exploit_price_0day vulnerability_cvss2_nvd_basescore
Download the whitepaper to learn more about our service!