CVE-2009-1860 - OpenCVE

Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Adobe	Shockwave Player

Configuration 1 [-]

OR	cpe:2.3:a:adobe:shockwave_player::::::::
	cpe:2.3:a:adobe:shockwave_player:1.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:2.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:3.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:4.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:5.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:6.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:8.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:8.5.1:::::::*
	cpe:2.3:a:adobe:shockwave_player:9:::::::*
	cpe:2.3:a:adobe:shockwave_player:10.1.0.11:::::::*
	cpe:2.3:a:adobe:shockwave_player:11.5.0.595:::::::*

References

Link	Resource
http://secunia.com/advisories/35544	Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb09-08.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/35469
http://www.securitytracker.com/id?1022440

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-06-24T22:00:00

Updated: 2009-06-30T09:00:00

Reserved: 2009-06-01T00:00:00

Link: CVE-2009-1860

JSON object: View

NVD Information

Status : Modified

Published: 2009-06-25T01:30:01.703

Modified: 2009-07-02T03:31:29.157

Link: CVE-2009-1860

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-06-23T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-06-30T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1022440", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022440"}, {"name": "35544", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35544"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb09-08.html"}, {"name": "35469", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35469"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1860", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1022440", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022440"}, {"name": "35544", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35544"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb09-08.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb09-08.html"}, {"name": "35469", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35469"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1860", "datePublished": "2009-06-24T22:00:00", "dateReserved": "2009-06-01T00:00:00", "dateUpdated": "2009-06-30T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ACBD5E4-ED8C-4CCB-B71F-96F1B3B8CF20", "versionEndIncluding": "11.5.0.596", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BA5643BC-12F8-4F05-A363-9FC97EF1DD0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "085FA7DD-8048-4768-816C-82828022FCF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E0DC258D-1C2B-4A7F-AD80-6C88A7A78A5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "966A8542-E5E1-468F-989E-47F71123A426", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4DC1BCC0-B24B-4CFC-B3B9-FA3B0D968CC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFFDAAB3-CC22-4604-80B3-4A54CCEFD29E", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77F1733-6755-44E7-8ECC-CFB397FC79A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC55CB2C-4DBC-4D16-96A7-FB3316A21D51", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "matchCriteriaId": "17F5982F-35BD-49A0-9DBE-774816136D57", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D18289BB-6568-4671-BC70-C8744DD2E0C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "matchCriteriaId": "C61B9485-2A42-4C95-9A10-3F1102E4EBBD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en Adobe Shockwave Player anterior a v11.5.0.600 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de contenido Shockwave Player 10 manipulado."}], "id": "CVE-2009-1860", "lastModified": "2009-07-02T03:31:29.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-06-25T01:30:01.703", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35544"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb09-08.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35469"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022440"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}