CVE-2009-3466

Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an invalid string length vulnerability. NOTE: some of these details are obtained from third party information.

Affected Software

Name	Vendor	Start Version	End Version
Shockwave_player	Adobe	*	11.5.1.601 (including)
Shockwave_player	Adobe	1.0 (including)	1.0 (including)
Shockwave_player	Adobe	2.0 (including)	2.0 (including)
Shockwave_player	Adobe	3.0 (including)	3.0 (including)
Shockwave_player	Adobe	4.0 (including)	4.0 (including)
Shockwave_player	Adobe	5.0 (including)	5.0 (including)
Shockwave_player	Adobe	6.0 (including)	6.0 (including)
Shockwave_player	Adobe	8.0 (including)	8.0 (including)
Shockwave_player	Adobe	8.5.1 (including)	8.5.1 (including)
Shockwave_player	Adobe	9 (including)	9 (including)
Shockwave_player	Adobe	10.1.0.11 (including)	10.1.0.11 (including)
Shockwave_player	Adobe	11.0.0.456 (including)	11.0.0.456 (including)
Shockwave_player	Adobe	11.5.0.595 (including)	11.5.0.595 (including)
Shockwave_player	Adobe	11.5.0.596 (including)	11.5.0.596 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-3466
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References