Adobe Flash Player authplay.dll vulnerability

Added: 08/26/2009
CVE: CVE-2009-1862
BID: 35759
OSVDB: 56282

Background

Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.

Problem

A vulnerability in authplay.dll in Adobe Flash Player allows command execution when a user opens a specially crafted .swf file.

Resolution

Apply the update referenced in APSB09-10.

References

http://www.adobe.com/support/security/advisories/apsa09-03.html
http://www.kb.cert.org/vuls/id/259425

Limitations

Exploit works on Flash Player 10.0.22.87 and requires a user to load the exploit page into Internet Explorer 6 or 7.

After a user loads the exploit page, there may be a delay before the exploit succeeds.

Platforms

Windows XP

Back to exploit index