CVE-2009-3244

EPSS 46.11%
Veröffentlicht 18.09.2009 10:30:01
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Shockwave Player Version <= 11.5.1.601

Adobe ≫ Shockwave Player Version1.0

Adobe ≫ Shockwave Player Version2.0

Adobe ≫ Shockwave Player Version3.0

Adobe ≫ Shockwave Player Version4.0

Adobe ≫ Shockwave Player Version5.0

Adobe ≫ Shockwave Player Version6.0

Adobe ≫ Shockwave Player Version8.0

Adobe ≫ Shockwave Player Version8.0.196

Adobe ≫ Shockwave Player Version8.0.196a

Adobe ≫ Shockwave Player Version8.0.204

Adobe ≫ Shockwave Player Version8.0.205

Adobe ≫ Shockwave Player Version8.5.1

Adobe ≫ Shockwave Player Version8.5.1.100

Adobe ≫ Shockwave Player Version8.5.1.103

Adobe ≫ Shockwave Player Version8.5.1.105

Adobe ≫ Shockwave Player Version8.5.1.106

Adobe ≫ Shockwave Player Version8.5.321

Adobe ≫ Shockwave Player Version8.5.323

Adobe ≫ Shockwave Player Version8.5.324

Adobe ≫ Shockwave Player Version8.5.325

Adobe ≫ Shockwave Player Version9

Adobe ≫ Shockwave Player Version9.0.383

Adobe ≫ Shockwave Player Version9.0.432

Adobe ≫ Shockwave Player Version10.0.0.210

Adobe ≫ Shockwave Player Version10.0.1.004

Adobe ≫ Shockwave Player Version10.1.0.11

Adobe ≫ Shockwave Player Version10.1.0.011

Adobe ≫ Shockwave Player Version10.1.1.016

Adobe ≫ Shockwave Player Version10.1.4.020

Adobe ≫ Shockwave Player Version10.2.0.021

Adobe ≫ Shockwave Player Version10.2.0.022

Adobe ≫ Shockwave Player Version10.2.0.023

Adobe ≫ Shockwave Player Version11.0.0.456

Adobe ≫ Shockwave Player Version11.0.3.471

Adobe ≫ Shockwave Player Version11.5.0.595

Adobe ≫ Shockwave Player Version11.5.0.596

Adobe ≫ Shockwave Player Version11.5.2.602

Adobe ≫ Shockwave Player Version11.5.6.606

Adobe ≫ Shockwave Player Version11.5.7.609

Adobe ≫ Shockwave Player Version11.5.8.612

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	46.11%	0.973

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://securitytracker.com/id?1023123

http://www.adobe.com/support/security/bulletins/apsb09-16.html

http://www.exploit-db.com/exploits/9682

http://www.securityfocus.com/bid/36905

http://www.vupen.com/english/advisories/2009/3134

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6530

https://nvd.nist.gov/vuln/detail/CVE-2009-3244

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-3244

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-3244

EUVD