Vulnerabilities > CVE-2009-1860 - Remote Code Execution vulnerability in Adobe Shockwave Player Director File Parsing
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content.
Vulnerable Configurations
Nessus
| NASL family | Windows |
| NASL id | SHOCKWAVE_PLAYER_APSB09_08.NASL |
| description | The remote Windows host contains a version of Adobe |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 39564 |
| published | 2009-06-28 |
| reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/39564 |
| title | Shockwave Player Crafted Director File Handling Remote Code Execution (APSB09-08) |
Seebug
| bulletinFamily | exploit |
| description | Bugraq ID: 35469 CVE ID:CVE-2009-1860 Adobe Shockwave Player是一款用于播放使用Director Shockwave Studio制作的网页的外挂软件。 Adobe Shockwave Player处理Director文件存在一个严重的安全问题,远程攻击者可以利用漏洞完全控制受此漏洞影响的系统。 当Shockwave player尝试装载特殊构建的Director文件时,在内存引用时恶意值可覆盖4字节内存,导致以登录用户进程权限执行任意指令。 Adobe Shockwave Player 11.5 596 升级到Adobe Shockwave Player 11.5 600版本: <a href="http://get.adobe.com/shockwave/" target="_blank" rel=external nofollow>http://get.adobe.com/shockwave/</a> |
| id | SSV:11702 |
| last seen | 2017-11-19 |
| modified | 2009-06-25 |
| published | 2009-06-25 |
| reporter | Root |
| title | Adobe Shockwave Player Director文件解析远程代码执行漏洞 |