Internet threat level: 1
Home→Descriptions→SA37214
Adobe Shockwave Player Multiple Vulnerabilities
| Secunia ID | |
| CVE-ID |
CVE-2009-3244, CVE-2009-3463, CVE-2009-3464, CVE-2009-3465, CVE-2009-3466 |
| Release Date |
04 Nov 2009 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Adobe Shockwave Player 11.x |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description |
Some vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. 1) An error related to the use of an invalid index can be exploited to potentially execute arbitrary code via specially crafted Shockwave content. 2) An error related to the use of an invalid pointer can be exploited to potentially execute arbitrary code via specially crafted Shockwave content. 3) Another error related to the use an invalid pointer can be exploited to potentially execute arbitrary code via specially crafted Shockwave content. 4) An error when processing string lengths can be exploited to cause a memory corruption and potentially execute arbitrary code. NOTE: A boundary error which results in a crash was also reported. The vulnerabilities are reported in version 11.5.1.601 and prior. |
| Solution |
Update to version 11.5.2.602: |
| Reported by |
The vendor credits Nicolas Joly, Vupen Security. |
| Original Advisory |
http://www.adobe.com/support/security/bulletins/apsb09-16.html |
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.