Computer Security
[EN] securityvulns.ru no-pyccku


Adobe Shockwave Player integer overflows
updated since 20.01.2010
Published:21.01.2010
Source:
SecurityVulns ID:10535
Type:client
Threat Level:
7/10
Description:Integer overflows and buffer overflow on Shockwave processing.
Affected:ADOBE : Shockwave Player 11.5
CVE:CVE-2009-4003 (Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption.)
 CVE-2009-4002 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.)
Original documentdocumentSECUNIA, Secunia Research: Adobe Shockwave Player 3D Model Buffer Overflow (21.01.2010)
 documentSECUNIA, Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability (20.01.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod