Signature Detail
Short Name |
HTTP:STC:ADOBE:SHOCKWAVE-3D-OF |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Adobe Shockwave 3D Stucture HeapOoverflow |
Release Date |
2015/06/09 |
Update Number |
2503 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Adobe Shockwave 3D Stucture HeapOoverflow
This signature detects attempts to exploit a known vulnerability against Adobe Shockwave 3D. A successful attack can lead to memory corruption and arbitrary code execution.
Extended Description
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.
Affected Products
- adobe shockwave_player 1.0
- adobe shockwave_player 10.1.0.11
- adobe shockwave_player 11.0.0.456
- adobe shockwave_player 11.5.0.595
- adobe shockwave_player 11.5.0.596
- adobe shockwave_player 11.5.1.601
- adobe shockwave_player 2.0
- adobe shockwave_player 3.0
- adobe shockwave_player 4.0
- adobe shockwave_player 5.0
- adobe shockwave_player 6.0
- adobe shockwave_player 8.0
- adobe shockwave_player 8.5.1
- adobe shockwave_player 9
- adobe shockwave_player up to 11.5.2.602
References
- BugTraq: 37870
- CVE: CVE-2009-4003
- CVE: CVE-2009-4002