Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-1869

Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.

Related bugs and status

CVE-2009-1869 (Candidate) is related to these bugs:

Bug #408203: APSB09-10 update to Adobe Reader 9.1.3

Summary				In	Importance	Status
	408203	APSB09-10 update to Adobe Reader 9.1.3		Ubuntu Japanese Kaizen Project	High	Fix Released

Bug #410152: [karmic] Flash Player not updated to 10.0.32.18

Summary				In	Importance	Status
	410152	[karmic] Flash Player not updated to 10.0.32.18		adobe-flashplugin (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.adobe.com/s...
BID: 35890
VUPEN: ADV-2009-2086
SECTRACK: 1022629
OSVDB: 56777
MISC: http://roeehay.blogspo...
MISC: http://roeehay.blogspo...
GENTOO: GLSA-200908-04
SECUNIA: 36193
BID: 35907
CONFIRM: http://www.adobe.com/s...
SECUNIA: 36374
SUNALERT: 266108
CONFIRM: http://support.apple.c...
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2009-09-10-1
APPLE: APPLE-SA-2009-09-10-2
SECUNIA: 36701
XF: flash-air-code-executi...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20090802 Advisory: Ado...