CVE-2009-3464

2009-11-0415:30:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2009-3464

adobe shockwave player

remote code execution

web security

vulnerability

nvd

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.073 Low

EPSS

Percentile

94.0%

JSON

Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an “invalid pointer vulnerability,” a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
adobe:shockwave_playeradobe shockwave playereq5.0
adobe:shockwave_playeradobe shockwave playereq4.0
adobe:shockwave_playeradobe shockwave playereq8.5.1
adobe:shockwave_playeradobe shockwave playereq11.0.0.456
adobe:shockwave_playeradobe shockwave playereq6.0
adobe:shockwave_playeradobe shockwave playereq10.1.0.11
adobe:shockwave_playeradobe shockwave playereq11.5.0.596
adobe:shockwave_playeradobe shockwave playereq1.0
adobe:shockwave_playeradobe shockwave playerle11.5.1.601
adobe:shockwave_playeradobe shockwave playereq2.0

CPE	Name	Operator	Version
adobe:shockwave_player	adobe shockwave player	eq	5.0
adobe:shockwave_player	adobe shockwave player	eq	4.0
adobe:shockwave_player	adobe shockwave player	eq	8.5.1
adobe:shockwave_player	adobe shockwave player	eq	11.0.0.456
adobe:shockwave_player	adobe shockwave player	eq	6.0
adobe:shockwave_player	adobe shockwave player	eq	10.1.0.11
adobe:shockwave_player	adobe shockwave player	eq	11.5.0.596
adobe:shockwave_player	adobe shockwave player	eq	1.0
adobe:shockwave_player	adobe shockwave player	le	11.5.1.601
adobe:shockwave_player	adobe shockwave player	eq	2.0