Adobe.Flash.Player.And.AIR.AVM2.Intf

NameAdobe.Flash.Player.And.AIR.AVM2.Intf.Count.Integer.Overflow
Last Updated DateSep 22, 2009
Release DateSep 15, 2009
SeverityCritical
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems.
Denial of Service: Remote attackers can crash vulnerable systems.
DescriptionThis indicates an attack attempt against a integer overflow vulnerability in Adobe Flash Player.

The vulnerability is caused by an error when the vulnerable software handles a specially crafted SWF file. It allows a remote attacker to execute arbitrary code.
Affected ProductsAdobe Flash Player version 9.0.159.0 and previous versions
Adobe Flash Player version 10.0.22.87 and previous versions
Adobe AIR version 1.5.1 and previous versions
Recommended ActionsUpgrade to the Adobe Flash Player latest versions:
http://www.adobe.com/go/getflashplayer

Upgrade to the Adobe AIR latest versions:
http://get.adobe.com/air
Common Vulnerabilities and Exposures (CVE)http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1869
Reference/shttp://www.securityfocus.com/bid/35907 (BugTraq)
http://www.vupen.com/english/advisories/2009/2086 (FrSIRT)
Reference: VID-17642