CVE-2009-3244

Description

Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.

Affected products

• Adobe / shockwave_player11.5.1.601
• Adobe / shockwave_player1.0 – 1.0
• Adobe / shockwave_player2.0 – 2.0
• Adobe / shockwave_player3.0 – 3.0
• Adobe / shockwave_player4.0 – 4.0
• Adobe / shockwave_player5.0 – 5.0
• Adobe / shockwave_player6.0 – 6.0
• Adobe / shockwave_player8.0 – 8.0
• Adobe / shockwave_player8.0.196 – 8.0.196
• Adobe / shockwave_player8.0.196a – 8.0.196a
• Adobe / shockwave_player8.0.204 – 8.0.204
• Adobe / shockwave_player8.0.205 – 8.0.205
• Adobe / shockwave_player8.5.1 – 8.5.1
• Adobe / shockwave_player8.5.1.100 – 8.5.1.100
• Adobe / shockwave_player8.5.1.103 – 8.5.1.103
• Adobe / shockwave_player8.5.1.105 – 8.5.1.105
• Adobe / shockwave_player8.5.1.106 – 8.5.1.106
• Adobe / shockwave_player8.5.321 – 8.5.321
• Adobe / shockwave_player8.5.323 – 8.5.323
• Adobe / shockwave_player8.5.324 – 8.5.324
• Adobe / shockwave_player8.5.325 – 8.5.325
• Adobe / shockwave_player9 – 9
• Adobe / shockwave_player9.0.383 – 9.0.383
• Adobe / shockwave_player9.0.432 – 9.0.432
• Adobe / shockwave_player10.0.0.210 – 10.0.0.210
• Adobe / shockwave_player10.0.1.004 – 10.0.1.004
• Adobe / shockwave_player10.1.0.11 – 10.1.0.11
• Adobe / shockwave_player10.1.0.011 – 10.1.0.011
• Adobe / shockwave_player10.1.1.016 – 10.1.1.016
• Adobe / shockwave_player10.1.4.020 – 10.1.4.020
• Adobe / shockwave_player10.2.0.021 – 10.2.0.021
• Adobe / shockwave_player10.2.0.022 – 10.2.0.022
• Adobe / shockwave_player10.2.0.023 – 10.2.0.023
• Adobe / shockwave_player11.0.0.456 – 11.0.0.456
• Adobe / shockwave_player11.0.3.471 – 11.0.3.471
• Adobe / shockwave_player11.5.0.595 – 11.5.0.595
• Adobe / shockwave_player11.5.0.596 – 11.5.0.596
• Adobe / shockwave_player11.5.2.602 – 11.5.2.602
• Adobe / shockwave_player11.5.6.606 – 11.5.6.606
• Adobe / shockwave_player11.5.7.609 – 11.5.7.609
• Adobe / shockwave_player11.5.8.612 – 11.5.8.612

References

• MISChttp://www.securityfocus.com/bid/36905
• EXPLOIThttp://www.exploit-db.com/exploits/9682
• VENDOR_ADVISORYhttp://www.adobe.com/support/security/bulletins/apsb09-16.html
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/3134
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6530
• MISChttp://securitytracker.com/id?1023123