Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities Network Vulnerability

Summary

This host is installed with Adobe Shockwave Player and is prone to Multiple Remote Code Execution Vulnerabilities.

Impact

Successful exploitation will let the attacker execute arbitrary code in the context of the affected application by tricking a user into visiting a specially crafted web page. Impact Level: Application.

Solution

Upgrade to Adobe Shockwave Player 11.5.2.602 http://get.adobe.com/shockwave/otherversions/

Insight

- Multiple errors ocur due to the use of invalid index and invalid pointer while processing specially crafted Shockwave content. - An error while processing invalid string lenghts can result in memory corruption.

Affected

Adobe Shockwave Player prior to 11.5.2.602 on Windows.

References

http://securitytracker.com/alerts/2009/Nov/1023123.html
http://www.adobe.com/support/security/bulletins/apsb09-16.html
http://www.vupen.com/english/advisories/2009/3134

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3463, CVE-2009-3464, CVE-2009-3465, CVE-2009-3466

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Remote Code Execution Vulnerability(Win)
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)
Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
Adobe Air Multiple Vulnerabilities - October 12 (Windows)
Adobe AIR Multiple Vulnerabilities -02 April 13 (Mac OS X)

Take action and discover your vulnerabilities