Description
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Francis Provencher · textremotemultiple
https://www.exploit-db.com/exploits/10093
exploitdb
WRITEUP
VERIFIED
by Francis Provencher · textdoswindows
https://www.exploit-db.com/exploits/9682
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36905
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/9682
Various Sources x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb09-16.html
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3134
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6530
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1023123
Scores
EPSS
0.4157
EPSS Percentile
97.4%
Details
CWE
CWE-119
Status
published
Products (41)
adobe/shockwave_player
1.0
adobe/shockwave_player
2.0
adobe/shockwave_player
3.0
adobe/shockwave_player
4.0
adobe/shockwave_player
5.0
adobe/shockwave_player
6.0
adobe/shockwave_player
8.0
adobe/shockwave_player
8.0.196
adobe/shockwave_player
8.0.196a
adobe/shockwave_player
8.0.204
... and 31 more
Published
Sep 18, 2009
Tracked Since
Feb 18, 2026