CVE-2009-1860 – Adobe Shockwave Player Director File Parsing Pointer Overwrite Vulnerability

https://notcve.org/view.php?id=CVE-2009-1860

Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content. Vulnerabilidad sin especificar en Adobe Shockwave Player anterior a v11.5.0.600 permite a atacantes remotos ejecutar código de su elección a través de contenido Shockwave Player 10 manipulado. This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Shockwave player attempts to load a specially crafted Adobe Director File. When a malicious value is used during a memory dereference a possible 4-byte memory overwrite may occur. • http://secunia.com/advisories/35544 http://www.adobe.com/support/security/bulletins/apsb09-08.html http://www.securityfocus.com/bid/35469 http://www.securitytracker.com/id?1022440 •