Published: 2009-07-26T01:21+00:00
Last Updated: 2009-08-11T02:00+00:00
JVNTR-2009-18
Adobe Flash Vulnerability Affects Flash Player and Other Adobe Products (TA09-204A)
Overview
Adobe has released Security advisory APSA09-03, which describes a vulnerability affecting Adobe Flash. Other Adobe applications that include the Flash runtime, such as Adobe Reader 9, are also affected.
Event Information
Date (UTC) | Description |
2009-08-03 |
Adobe APSB09-10: Security Updates available for Adobe Flash Player Bulletin updated, Adobe Flash Player v9 and v10 for Solaris update is available. |
2009-08-03 |
Bugtraq Exploitation of CVE-2009-1869 intf_count Integer Overflow Vulnerability (CVE-2009-1869) Vulnerability Proof Of Concept #Cid: Adobe_Flash_CVE-2009-1869_v1_080309.zip #Cid: 35907.zip |
2009-07-31 18:32 |
US-CERT Adobe Releases Security Updates for Reader and Acrobat US-CERT Current Activity Adobe has released Reader 9.1.3 and Acrobat 9.1.3 to address a vulnerability. By convincing a user to open a PDF document embedded with a specially crafted SWF file, an attacker may be able to execute arbitrary code. |
2009-07-31 10:45 |
Adobe APSB09-10: Security updates available for Adobe Flash Player, Adobe Reader and Acrobat Adobe recommends users of Adobe Reader 9 and Acrobat 9 and earlier versions update to Adobe Reader 9.1.3 and Acrobat 9.1.3. |
2009-07-31 10:45 |
Adobe Update to APSB09-10 Security Bulletin Adobe Product Security Incident Response Team (PSIRT) |
2009-07-31 04:30 |
JPCERT/CC JPCERT-AT-2009-0015: Vulnerabilities in Adobe Flash Player, Adobe Acrobat/Reader |
2009-07-30 13:34 |
Adobe Security Bulletin Posted for Adobe Flash Player Adobe Product Security Incident Response Team (PSIRT) |
2009-07-30 13:34 |
Adobe APSB09-10: Security Updates available for Adobe Flash Player Adobe recommends users of Adobe Flash Player 9.x and 10.x and earlier versions update to Adobe Flash Player 9.0.246.0 and 10.0.32.18. Adobe recommends users of Adobe AIR version 1.5.1 and earlier versions update to Adobe AIR 1.5.2. |
2009-07-27 19:00 |
IBM Internet Security Systems AlertCon (2) => (1) |
2009-07-23 21:00 |
IBM Internet Security Systems AlertCon (1) => (2) Due to increasing reports of active exploitation of the Adobe Reader, Acrobat, and Flash vulnerability, the IBM ISS X-Force has raised the Threat Level to AlertCon 2. US-CERT has issued "Technical Cyber Security Alert TA09-204A" in regards to this exploitation. |
2009-07-23 20:13 |
SANS Internet Storm Center YA0D (Yet Another 0-Day) in Adobe Flash player (Version: 4) Well, it looks like the last two weeks have definitely been marked by multiple 0-day exploits actively used in the wild. The last one exploits a vulnerability in Adobe Flash player (versions 9 and 10) as well as Adobe Reader and Acrobat 9.1.2. Besides being a 0-day there are some other interesting things about this exploit. |
2009-07-23 18:14 |
US-CERT TA09-204A: Adobe Flash Vulnerability Affects Flash Player and Other Adobe Products Via US-CERT Mailing List |
2009-07-23 17:46 |
US-CERT Adobe Reader, Acrobat and Flash Player Vulnerability US-CERT Current Activity Adobe has released a security advisory to address a vulnerability in Adobe Reader and Acrobat 9.1.2 and Flash Player 9 and 10. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. |
2009-07-23 01:47 |
McAfee New Zero-Day Attacks Use PDF Documents Computer Security Research - McAfee Avert Labs Blog Today, a new unpatched Adobe vulnerability has been discovered in the wild. It takes advantage of a new feature to add interactive Flash (SWF) content into PDF files. This bug was found to affect at least Adobe Reader and Acrobat 9.1.2 , as well as Adobe Flash Player 9 or later. |
2009-07-22 20:41 |
US-CERT Adobe Reader, Acrobat and Flash Player Vulnerability US-CERT Current Activity Adobe has released a blog post indicating that it is aware of reports of a vulnerability affecting Adobe Reader and Acrobat 9.1.2 and Flash Player 9 and 10. |
2009-07-22 19:08 |
Adobe apsa09-03: Security advisory for Adobe Reader, Acrobat and Flash Player A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows. |
2009-07-22 19:08 |
Adobe Update on Adobe Reader, Acrobat and Flash Player Issue Adobe Product Security Incident Response Team (PSIRT) |
2009-07-22 18:04 |
Symantec Next-Generation Flash Vulnerability Recently we came into possession of an Adobe Acrobat PDF file that upon opening drops and executes a malicious binary. It was quite clear that this PDF was exploiting some vulnerability in order to drop its payload |
2009-07-22 16:41 |
Symantec ThreatCON (1) => (2) The ThreatCon is at Level 2. On July 21, 2009, Symantec became aware of a previously unknown vulnerability affecting Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10. Attackers can exploit the issue to execute arbitrary code. |
2009-07-22 |
IBM Internet Security Systems Adobe Acrobat and Adobe Flash Remote Code Execution A vulnerability in Adobe Acrobat, Adobe Reader, and Adobe Flash can result in remote code execution. This vulnerability was made public upon discovery that it was being exploited in the wild on July 21, 2009. |
2009-07-22 |
Symantec Trojan.Pidief.G |
2009-07-21 21:27 |
Adobe Potential Adobe Reader, Acrobat, and Flash Player issue Adobe Product Security Incident Response Team (PSIRT) |
2009-07-21 |
McAfee Exploit-PDF.t |
2009-04-09 |
iDefense Adobe Flash Player URL Parsing Heap Overflow Vulnerability URL Parsing Heap Overflow Vulnerability (CVE-2009-1868) Vulnerability Reported When a specifically crafted URL is passed to Flash Player, a heap overflow can occur and could result in arbitrary code execution. |
2008-08-25 |
iDefense Adobe Flash Player Invalid Loader Object Reference Vulnerability Loader Object Reference Vulnerability (CVE-2009-1864) Vulnerability Reported During the processing of a Shockwave Flash file, an object can be created, along with multiple references that point to the object. The object can be destroyed and its associated references removed. However a reference can incorrectly remain pointing to the object. The invalid object resides in uninitialized memory, which the attacker may control to gain arbitrary execution control. |