Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities Network Vulnerability

Summary

This host is installed with Adobe Shockwave Player and is prone to Multiple Remote Code Execution Vulnerabilities.

Impact

Successful exploitation will let the attacker execute arbitrary code in the context of the affected application by tricking a user into visiting a specially crafted web page. Impact Level: Application.

Solution

Upgrade to Adobe Shockwave Player 11.5.2.602 http://get.adobe.com/shockwave/otherversions/

Insight

- Multiple errors ocur due to the use of invalid index and invalid pointer while processing specially crafted Shockwave content. - An error while processing invalid string lenghts can result in memory corruption.

Affected

Adobe Shockwave Player prior to 11.5.2.602 on Windows.

References

http://securitytracker.com/alerts/2009/Nov/1023123.html
http://www.adobe.com/support/security/bulletins/apsb09-16.html
http://www.vupen.com/english/advisories/2009/3134

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3463, CVE-2009-3464, CVE-2009-3465, CVE-2009-3466

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities-01 Dec13 (Mac OS X)
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)
Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
Adobe AIR Multiple Vulnerabilities-01 Jan15 (Windows)
Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)

Take action and discover your vulnerabilities