Summary
This host has Adobe Shockwave Player installed and is prone to Buffer Overflow vulnerabilities.
Impact
Successful attack could allow attackers to execute arbitrary code and compromise a vulnerable system.
Impact Level: System/Application
Solution
Upgrade to Adobe Shockwave Player 11.5.6.606 or later.
For updates refer to http://get.adobe.com/shockwave/otherversions/
Insight
These flaws are caused by buffer and integer overflow errors when processing Shockwave files or 3D models, which could be exploited to execute arbitrary code by tricking a user into visiting a specially crafted web page.
Affected
Adobe Shockwave Player prior to 11.5.6.606 on Windows.
References
- http://secunia.com/secunia_research/2009-61/
- http://securitytracker.com/alerts/2010/Jan/1023481.html
- http://www.adobe.com/support/security/bulletins/apsb10-03.html
- http://www.securityfocus.com/archive/1/archive/1/509062/100/0/threaded
- http://www.vupen.com/english/advisories/2010/0171
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-4002, CVE-2009-4003 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Audition '.ses' Multiple Buffer Overflow Vulnerabilities (Windows)
- Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
- Cscope Multiple Buffer Overflow vulnerability
- Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Linux)
- Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Mac OS X)