CVE-2009-4003

2010-01-21 20:30:00 2018-10-10 21:48:01

Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Adobe Shockwave Player 11.5.1.601 Adobe Shockwave Player 11.5.0.596 Adobe Shockwave Player 11.5.0.595 Adobe Shockwave Player 11.0.0.456 Adobe Shockwave Player 10.1.0.11 Adobe Shockwave Player 8.5.1 Adobe Shockwave Player 9 Adobe Shockwave Player 8.0 Adobe Shockwave Player 6.0 Adobe Shockwave Player 5.0 Adobe Shockwave Player 4.0 Adobe Shockwave Player 3.0 Adobe Shockwave Player 2.0 Adobe Shockwave Player 1.0 Adobe Shockwave Player 11.5.2.602

Adobe - Shockwave player

Advisory	Patch	Confirmed	Link
			shockwave-shockwave-bo(55759)
			ADV-2010-0171
			37872
			20100120 Secunia Research: Adobe Shockwave Player 3D Mod...
			http://www.adobe.com/support/security/bulletins/apsb10-0...
			20100120 Secunia Research: Adobe Shockwave Player Four I...
			20100120 Secunia Research: Adobe Shockwave Player Intege...
			1023481

CVE-2009-4003

2010-01-21 20:30:00 2018-10-10 21:48:01

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)