Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.

References

• https://nvd.nist.gov/vuln/detail/CVE-2009-1862
• http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
• http://bugs.adobe.com/jira/browse/FP-1265
• http://isc.sans.org/diary.html?storyid=6847
• http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
• http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
• http://news.cnet.com/8301-27080_3-10293389-245.html
• http://secunia.com/advisories/36193
• http://secunia.com/advisories/36374
• http://secunia.com/advisories/36701
• http://security.gentoo.org/glsa/glsa-200908-04.xml
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
• http://support.apple.com/kb/HT3864
• http://support.apple.com/kb/HT3865
• http://www.adobe.com/support/security/advisories/apsa09-03.html
• http://www.adobe.com/support/security/bulletins/apsb09-10.html
• http://www.adobe.com/support/security/bulletins/apsb09-13.html
• http://www.kb.cert.org/vuls/id/259425
• http://www.securityfocus.com/bid/35759
• http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99
• http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability