Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3244 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Shockwave Player

Severity: 9.3 CRITICAL (NVD)
EPSS: 41.6% (top 2.58%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Sep 18
Latest update: May 2

Description

Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (1 package)

NVD | adobe/shockwave_player | 11.5.1.601 | +40

🔴 Vulnerability Details (2)

GHSA | GHSA-cp6v-68qx-j42x: Heap-based buffer overflow in the SwDir | 2022-05-02
CVEList | CVE-2009-3244: Heap-based buffer overflow in the SwDir | 2009-09-18

💥 Exploits & PoCs (2)

Exploit-DB | Adobe Shockwave Player 11.5.1.601 - Multiple Code Executions | 2009-11-04
Exploit-DB | Adobe Shockwave Player 11.5.1.601 - ActiveX Buffer Overflow (PoC) | 2009-09-15