CVE-2009-3244

Adobe Shockwave Player < 11.5.1.601 - Heap-Based Buffer Overflow via PlayerVersion Property

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-3244. PoCs published by Francis Provencher.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Adobe Shockwave Player via an overly long string passed to the PlayerVersion property. It triggers a denial-of-service (DoS) condition by corrupting memory.

Description

Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Francis Provencher · textremotemultiple
https://www.exploit-db.com/exploits/10093

This exploit targets a buffer overflow vulnerability in Adobe Shockwave Player via an overly long string passed to the PlayerVersion property. It triggers a denial-of-service (DoS) condition by corrupting memory.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Adobe Shockwave Player
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Francis Provencher · textdoswindows
https://www.exploit-db.com/exploits/9682

This is a writeup describing a stack overflow vulnerability in Adobe ShockWave Player (11.5.1.601) leading to a remote DoS. The document includes technical details such as the affected DLL, CLSID, and crash analysis but does not contain functional exploit code.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Theoretical
Target: Adobe ShockWave Player 11.5.1.601
No auth needed
Prerequisites: Target running Adobe ShockWave Player 11.5.1.601 on Windows XP with IE 6
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36905
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9682
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3134
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6530
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023123

Scores

EPSS 0.2041
EPSS Percentile 97.2%

Details

CWE
CWE-119
Status published
Products (41)
adobe/shockwave_player 1.0
adobe/shockwave_player 2.0
adobe/shockwave_player 3.0
adobe/shockwave_player 4.0
adobe/shockwave_player 5.0
adobe/shockwave_player 6.0
adobe/shockwave_player 8.0
adobe/shockwave_player 8.0.196
adobe/shockwave_player 8.0.196a
adobe/shockwave_player 8.0.204
... and 31 more
Published Sep 18, 2009
Tracked Since Feb 18, 2026