Vulnerability Database

308,379

Total vulnerabilities in the database

CVE-2009-1866

Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.

  • Published: Jul 31, 2009
  • Updated: Nov 9, 2025
  • CVE: CVE-2009-1866
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 9.3
  • AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
adobe / air 1.01 1.01.x
adobe / air - 1.5.1.x
adobe / flash_player 9.0.48.0 9.0.48.0.x
adobe / flash_player 8.0.24.0 8.0.24.0.x
adobe / air 1.5 1.5.x
adobe / air 1.0 1.0.x
adobe / flash_player 7.1.1 7.1.1.x
adobe / flash_player 9.0.124.0 9.0.124.0.x
adobe / flash_player 9.0.47.0 9.0.47.0.x
adobe / flash_player 7.0.63 7.0.63.x
adobe / flash_player 7.0.70.0 7.0.70.0.x
adobe / flash_player 10.0.12.36 10.0.12.36.x
adobe / flash_player 8.0.35.0 8.0.35.0.x
adobe / flash_player 9.0.114.0 9.0.114.0.x
adobe / flash_player 8.0 8.0.x
adobe / air 1.1 1.1.x
adobe / flash_player 9.0.20.0 9.0.20.0.x
adobe / flash_player 9.0.31.0 9.0.31.0.x
adobe / flash_player 9.0.112.0 9.0.112.0.x
adobe / flash_player 9.0.16 9.0.16.x
adobe / flash_player 10.0.0.584 10.0.0.584.x
adobe / flash_player 9.0.28.0 9.0.28.0.x
adobe / flash_player - 10.0.22.87.x
adobe / flash_player 7.0.69.0 7.0.69.0.x
adobe / flash_player 9.0.28 9.0.28.x
adobe / flash_player 9.0.45.0 9.0.45.0.x
adobe / flex 3.0 3.0.x
adobe / flash_player 7.0 7.0.x
adobe / flash_player 7.2 7.2.x
adobe / flash_player 9.0.115.0 9.0.115.0.x
adobe / flash_player 7.0.25 7.0.25.x
adobe / flash_player 8.0.39.0 8.0.39.0.x
adobe / flash_player 8.0.34.0 8.0.34.0.x
adobe / flash_player 7.1 7.1.x
adobe / flash_player 10.0.12.10 10.0.12.10.x
adobe / flash_player 9.0.20 9.0.20.x
adobe / flash_player 7.0.1 7.0.1.x