CVE-2009-1862 is a high-severity vulnerability affecting Adobe Acrobat and Reader versions 9.x through 9.1.2, and Flash Player versions 9.x through 9.0.159.0 and 10.x through 10.0.22.87. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) through crafted Flash applications embedded in PDF files or through crafted SWF files, specifically related to authplay.dll. The vulnerability was actively exploited in the wild in July 2009.
The CVSS score for this vulnerability is 7.8, indicating a high severity level. It is categorized under the CWE-787 classification, which refers to out-of-bounds write vulnerabilities. Given the potential for significant impact, organizations using affected Adobe products should take immediate action.
Risks to organizations include unauthorized code execution, which could lead to a complete compromise of the affected system, and denial-of-service conditions that disrupt operations. Organizations should prioritize patching immediately.
While there are currently no known exploits publicly available for this vulnerability, its presence in the KEV (Known Exploited Vulnerabilities) catalog indicates a significant risk. Organizations must remain vigilant and account for this issue in their security posture.
Vulnerability Details
This vulnerability allows for arbitrary code execution or denial of service attacks. It primarily affects Adobe Acrobat and Reader, as well as Adobe Flash Player. The CVSS score of 7.8 signifies a high severity, with the potential for high impacts on confidentiality, integrity, and availability.
Technical Analysis
The root cause of this vulnerability is related to memory corruption in the authplay.dll component. The attack vector is local, requiring user interaction to trigger the vulnerability through crafted Flash applications or SWF files. The attack complexity is low, and no privileges are required to initiate the attack, although user interaction is needed.
The impact on confidentiality, integrity, and availability is high, as attackers may gain complete control over the affected systems.
Risk & Impact Analysis
Organizations using Adobe Acrobat, Reader, or Flash Player are at significant risk due to the potential for arbitrary code execution. The blast radius of this vulnerability could impact not only individual users but also entire organizational infrastructures if exploited. Given the CVSS score of 7.8 and its inclusion in the KEV catalog, organizations should address this vulnerability as part of their priority patch cycle.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | Yes |
| Ransomware Use | No |
Affected Versions
The affected versions include Adobe Acrobat and Reader versions 9.0 to 9.1.2, and Adobe Flash Player versions 9.0 to 9.0.159.0 and 10.0 to 10.0.22.87. Organizations should verify their versions and apply necessary patches.
Mitigation & Remediation
Organizations must apply the latest updates provided by Adobe for affected versions of Acrobat, Reader, and Flash Player. Since Flash Player is end-of-life, organizations should consider disconnecting it from their networks if still in use. For further guidance on vulnerability management, organizations can refer to vulnerability management programs that outline best practices.
Detection Guidance
Security teams should monitor logs for indicators of unusual activities associated with Adobe applications. Behavioral anomalies, such as unexpected application crashes or unauthorized processes, should also be flagged. Additionally, network signatures for potential exploits should be established.
AppSecure Threat Intelligence Insight
The long-term significance of CVE-2009-1862 highlights the ongoing risks associated with legacy software. Organizations must recognize patterns of exploitation that emerge with vulnerabilities in widely used applications. Security teams should prioritize timely updates and engage in proactive security measures to mitigate similar risks in the future. Understanding these vulnerabilities is crucial for maintaining secure systems, and organizations are encouraged to develop penetration testing strategies that adapt to the evolving threat landscape.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
