Computer Security
[EN] securityvulns.ru no-pyccku


Adobe Shockwave Player Multiple security vulnerabilities
Published:05.11.2009
Source:
SecurityVulns ID:10374
Type:client
Threat Level:
8/10
Description:Multiple vulnerabilities lead to code executions.
Affected:ADOBE : Shockwave Player 11.5
CVE:CVE-2009-3466 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information.)
 CVE-2009-3465 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information.)
 CVE-2009-3464 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information.)
 CVE-2009-3463 (Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information.)
 CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ShockWave Player 11.5.1.601 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.)
Original documentdocumentVUPEN Security Research, VUPEN Security - Adobe Shockwave Player Multiple Code Execution Vulnerabilities (05.11.2009)
 documentADOBE, Security updates available for Shockwave Player (05.11.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod