Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3463

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-3463
Last Modified 21 Aug 2010 01:35:51
Published 04 Nov 2009 10:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-3463

Summary

Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Adobe Shockwave Player 1.0

  • Adobe Shockwave Player 10.1.0.11

  • Adobe Shockwave Player 11.0.0.456

  • Adobe Shockwave Player 11.5.0.595

  • Adobe Shockwave Player 11.5.0.596

  • Adobe Shockwave Player 11.5.1.601

  • Adobe Shockwave Player 2.0

  • Adobe Shockwave Player 3.0

  • Adobe Shockwave Player 4.0

  • Adobe Shockwave Player 5.0

  • Adobe Shockwave Player 6.0

  • Adobe Shockwave Player 8.0

  • Adobe Shockwave Player 8.5.1

  • Adobe Shockwave Player 9


References

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb09-16.html

XF - shockwave-index-code-execution(54118)

VUPEN - ADV-2009-3134

BID - 36905

SECTRACK - 1023123

Related Patches

Adobe APSB09-16 Shockwave Player 11.5.2.602 Security Update for Macintosh

Adobe APSB09-16 Shockwave Player 11.5.2.602 (Upgrade) (All Languages)


Last Updated: 27 May 2016 10:51:16