Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22742
HistoryNov 05, 2009 - 12:00 a.m.

Security updates available for Shockwave Player

2009-11-0500:00:00
vulners.com
16
JSON

Security updates available for Shockwave Player

Release date: November 3, 2009

Vulnerability identifier: APSB09-16

CVE number: CVE-2009-3244, CVE-2009-3463, CVE-2009-3464, CVE-2009-3465, CVE-2009-3466

Platform: Windows and Macintosh
Summary

Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.1.601 and earlier versions. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations using the instructions provided below.
Affected software versions

Shockwave Player 11.5.1.601 and earlier versions
Solution

Adobe recommends Shockwave Player users install Shockwave Player version 11.5.2.602 available here: http://get.adobe.com/shockwave/.
Severity rating

Adobe categorizes this as a critical update and recommends that users apply the update for their product installations.
Details

Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.1.601 and earlier versions. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities.

This update resolves an invalid index vulnerability that could potentially lead to code execution (CVE-2009-3463).

This update resolves invalid pointer vulnerabilities that could potentially lead to code execution (CVE-2009-3464, CVE-2009-3465).

This update resolves an invalid string length vulnerability that could potentially lead to code execution (CVE-2009-3466).

This update resolves a boundary condition issue that could lead to a Denial of Service (DoS) issue (CVE-2009-3244).
Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers' security:

* Nicolas Joly of VUPEN Security (CVE-2009-3463, CVE-2009-3464, CVE-2009-3465, CVE-2009-3466)

Related

nessus 2
securityvulns 2
openvas 4
seebug 2
prion 5
cve 5
nessus
nessus
Adobe Shockwave Player <= 11.5.1.601 Multiple Vulnerabilities (APSB09-16) (Mac OS X)
2014-12-22 00:00:00
Shockwave Player <= 11.5.1.601 Multiple Vulnerabilities (APSB09-16)
2009-11-04 00:00:00
securityvulns
securityvulns
Adobe Shockwave Player Multiple security vulnerabilities
2009-11-05 00:00:00
VUPEN Security - Adobe Shockwave Player Multiple Code Execution Vulnerabilities
2009-11-05 00:00:00
openvas
openvas
Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities
2009-11-09 00:00:00
Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities
2009-11-09 00:00:00
Adobe Shockwave Player ActiveX Control BOF Vulnerability
2009-09-24 00:00:00
seebug
seebug
Adobe Shockwave Player Multiple Code Execution Vulnerabilities
2009-11-05 00:00:00
Adobe ShockWave Player SwDir.dll控件堆溢出漏洞
2009-09-22 00:00:00
prion
prion
Design/Logic Flaw
2009-11-04 15:30:00
Design/Logic Flaw
2009-11-04 15:30:00
Heap overflow
2009-09-18 10:30:00
cve
cve
CVE-2009-3465
2009-11-04 15:30:00
CVE-2009-3464
2009-11-04 15:30:00
CVE-2009-3466
2009-11-04 15:30:00
JSON
Related for SECURITYVULNS:DOC:22742
nessus2securityvulns2openvas4seebug2prion5cve5