CVE Daily

CVE-2009-4003

Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow rem...

Critical CVSS 9.3

Overview

Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption.

CWE: CWE-189 Published: 2010-01-21T19:30:00.820
Risk analysis

This vulnerability is rated 🔴 CRITICAL.

  • CVSS: 9.3 (CRITICAL)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags