CVE-2009-4003

Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption.

Affected Software

Name	Vendor	Start Version	End Version
Shockwave_player	Adobe	*	11.5.2.602 (including)
Shockwave_player	Adobe	1.0 (including)	1.0 (including)
Shockwave_player	Adobe	2.0 (including)	2.0 (including)
Shockwave_player	Adobe	3.0 (including)	3.0 (including)
Shockwave_player	Adobe	4.0 (including)	4.0 (including)
Shockwave_player	Adobe	5.0 (including)	5.0 (including)
Shockwave_player	Adobe	6.0 (including)	6.0 (including)
Shockwave_player	Adobe	8.0 (including)	8.0 (including)
Shockwave_player	Adobe	8.5.1 (including)	8.5.1 (including)
Shockwave_player	Adobe	9 (including)	9 (including)
Shockwave_player	Adobe	10.1.0.11 (including)	10.1.0.11 (including)
Shockwave_player	Adobe	11.0.0.456 (including)	11.0.0.456 (including)
Shockwave_player	Adobe	11.5.0.595 (including)	11.5.0.595 (including)
Shockwave_player	Adobe	11.5.0.596 (including)	11.5.0.596 (including)
Shockwave_player	Adobe	11.5.1.601 (including)	11.5.1.601 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-4003
CWE	https://cwe.mitre.org/data/definitions/189.html

Affected Software

References