CVE-2009-4003: Buffer Overflow
First published: Thu Jan 21 2010(Updated: )
Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Shockwave Player | =5.0 | |
| Adobe Shockwave Player | =4.0 | |
| Adobe Shockwave Player | =8.5.1 | |
| Adobe Shockwave Player | =11.5.1.601 | |
| Adobe Shockwave Player | =11.0.0.456 | |
| Adobe Shockwave Player | =6.0 | |
| Adobe Shockwave Player | =10.1.0.11 | |
| Adobe Shockwave Player | =11.5.0.596 | |
| Adobe Shockwave Player | =1.0 | |
| Adobe Shockwave Player | =2.0 | |
| Adobe Shockwave Player | =8.0 | |
| Adobe Shockwave Player | <=11.5.2.602 | |
| Adobe Shockwave Player | =3.0 | |
| Adobe Shockwave Player | =11.5.0.595 | |
| Adobe Shockwave Player | =9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securitytracker.com/id?1023481
- http://www.securityfocus.com/bid/37872
- http://secunia.com/secunia_research/2009-63/
- http://secunia.com/secunia_research/2010-1/
- http://secunia.com/secunia_research/2009-62/
- http://www.vupen.com/english/advisories/2010/0171
- http://www.adobe.com/support/security/bulletins/apsb10-03.html
- http://secunia.com/advisories/37888
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55759
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8538
- http://www.securityfocus.com/archive/1/509058/100/0/threaded
- http://www.securityfocus.com/archive/1/509055/100/0/threaded
- http://www.securityfocus.com/archive/1/509053/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2009-4003?
CVE-2009-4003 is rated as critical due to its potential to allow remote code execution.
How do I fix CVE-2009-4003?
The recommended fix for CVE-2009-4003 is to update Adobe Shockwave Player to the latest version that is available.
What types of attacks can CVE-2009-4003 be used for?
CVE-2009-4003 can be exploited by remote attackers to execute arbitrary code via crafted Shockwave files.
What versions of Adobe Shockwave Player are affected by CVE-2009-4003?
CVE-2009-4003 affects Adobe Shockwave Player versions up to 11.5.2.602.
What should I do if my system is using an affected version of Shockwave Player?
If using an affected version of Shockwave Player, it is important to uninstall it or update to the latest secure version immediately.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- agent/source
- vendor/adobe
- canonical/adobe shockwave player
- version/adobe shockwave player/5.0
- version/adobe shockwave player/4.0
- version/adobe shockwave player/8.5.1
- version/adobe shockwave player/11.5.1.601
- version/adobe shockwave player/11.0.0.456
- version/adobe shockwave player/6.0
- version/adobe shockwave player/10.1.0.11
- version/adobe shockwave player/11.5.0.596
- version/adobe shockwave player/1.0
- version/adobe shockwave player/2.0
- version/adobe shockwave player/8.0
- version/adobe shockwave player/11.5.2.602
- version/adobe shockwave player/3.0
- version/adobe shockwave player/11.5.0.595
- version/adobe shockwave player/9