CVSS: 9.3EPSS: 4%CPEs: 14EXPL: 0CVE-2009-3466
https://notcve.org/view.php?id=CVE-2009-3466
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information. Adobe Shockwave Player anterior a v11.5.2.602, permite a atacantes remotos ejecutar código de su elección a través de una página web manipulada que provoca una corrupción de memoria. Relacionado con la "vulnerabilidad de longitud de cadena inválida". NOTA: algunos de estos detalles han sido obtenidos a partir de información de terceros. • http://securitytracker.com/id?1023123 http://www.adobe.com/support/security/bulletins/apsb09-16.html http://www.securityfocus.com/bid/36905 http://www.vupen.com/english/advisories/2009/3134 https://exchange.xforce.ibmcloud.com/vulnerabilities/54121 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6395 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 7%CPEs: 14EXPL: 0CVE-2009-3464
https://notcve.org/view.php?id=CVE-2009-3464
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information. Adobe Shockwave Player anerior a v11.5.2.602, permite a atacantes remotos ejecutar código de su elección a través un contenido Shockwave manipulado en una página web. Relacionado con la "vulnerabilidad de puntero inválido. Cuestión distinta de CVE-2009-3465. • http://securitytracker.com/id?1023123 http://www.adobe.com/support/security/bulletins/apsb09-16.html http://www.securityfocus.com/bid/36905 http://www.vupen.com/english/advisories/2009/3134 https://exchange.xforce.ibmcloud.com/vulnerabilities/54119 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6394 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 7%CPEs: 14EXPL: 0CVE-2009-3463
https://notcve.org/view.php?id=CVE-2009-3463
Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information. Error de indexación de array en Adobe Shockwave Player anterior a v11.5.2.602, permite a atacantes remotos ejecutar código de su elección a través de un contenido Shockwave manipulado en un sitios web. NOTA: algunos de estos detalles han sido obtenidos a partir de información de terceros. • http://securitytracker.com/id?1023123 http://www.adobe.com/support/security/bulletins/apsb09-16.html http://www.securityfocus.com/bid/36905 http://www.vupen.com/english/advisories/2009/3134 https://exchange.xforce.ibmcloud.com/vulnerabilities/54118 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5677 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 7%CPEs: 14EXPL: 0CVE-2009-3465
https://notcve.org/view.php?id=CVE-2009-3465
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information. Adobe Shockwave Player anerior a v11.5.2.602, permite a atacantes remotos ejecutar código de su elección a través un contenido Shockwave manipulado en una página web. Relacionado con la "vulnerabilidad de puntero inválido. Cuestión distinta de CVE-2009-3464. • http://securitytracker.com/id?1023123 http://www.adobe.com/support/security/bulletins/apsb09-16.html http://www.securityfocus.com/bid/36905 http://www.vupen.com/english/advisories/2009/3134 https://exchange.xforce.ibmcloud.com/vulnerabilities/54120 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5722 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 84%CPEs: 41EXPL: 3CVE-2009-3244 – Adobe Shockwave Player 11.5.1.601 - Multiple Code Executions
https://notcve.org/view.php?id=CVE-2009-3244
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value. Un desbordamiento de búfer en la región heap de la memoria en el control ActiveX de la biblioteca SwDir.dll en Shockwave Player de Adobe versiones 11.5.1.601 y anteriores, permite a los atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de un valor de propiedad PlayerVersion largo. • https://www.exploit-db.com/exploits/10093 https://www.exploit-db.com/exploits/9682 http://securitytracker.com/id?1023123 http://www.adobe.com/support/security/bulletins/apsb09-16.html http://www.exploit-db.com/exploits/9682 http://www.securityfocus.com/bid/36905 http://www.vupen.com/english/advisories/2009/3134 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6530 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •