Tenable Network Security
Solutions Products Nessus Demos Partners Online Store
Nessus
Download
Plugins
     Newest Plugins
     Obtain an activation code
     View all plugins
     Search
Documentation
Register
Buy Now
ProfessionalFeed Support
Bugs
All the Tenable Products

Shockwave Player < 11.5.0.602 Multiple Vulnerabilities (APSB09-16)
This script is Copyright (C) 2009-2010 Tenable Network Security, Inc.

FamilyWindows
Nessus Plugin ID42369 (shockwave_player_apsb09_16.nasl)
Bugtraq ID36905
CVE IDCVE-2009-3244
CVE-2009-3463
CVE-2009-3464
CVE-2009-3465
CVE-2009-3466

Description:
Synopsis :

The remote Windows host contains a web browser plugin which is affected
by multiple vulnerabilities.

Description :

The remote Windows host contains a version of Adobe's Shockwave Player
that is earlier than 11.5.0.602. Such versions are affected by
multiple issues :

- An invalid index vulnerability could lead to code
execution. (CVE-2009-3463)

- Invalid pointer vulnerabilities could lead to code
execution. (CVE-2009-3464, CVE-2009-3465)

- An invalid string length vulnerability could potentially
lead to code execution. (CVE-2009-3466)

- A boundary condition issue could lead to a denial
of service. (CVE-2009-3244)

See also :

http://www.adobe.com/support/security/bulletins/apsb09-16.html

Solution :

Upgrade to Adobe Shockwave version 11.5.0.602 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
About us | Whitepapers | Training | Discussion Forums | Support Portal | Blog | RSS feeds | Contact us | Legal | Privacy

© Copyright 2002 - 2010 Tenable Network Security(R). All Rights Reserved.

This is the web site for the Nessus Vulnerability Scanner from Tenable Network Security. If you are looking for the probabilistic analysis software from Southwest Research Institute, please visit www.nessus.swri.org