Strix
26.1K

CVE-2009-4002

UnknownEPSS 8.67%

Last modified

CVE-2009-4002 is a vulnerability of currently unknown severity. Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.. EPSS estimates a 8.67% chance of exploitation in the next 30 days.

Description

Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.

Metrics

EPSS Probability
8.67%

94.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AdobeShockwave Player<= 11.5.2.602
AdobeShockwave Player1.0
AdobeShockwave Player2.0
AdobeShockwave Player3.0
AdobeShockwave Player4.0
AdobeShockwave Player5.0
AdobeShockwave Player6.0
AdobeShockwave Player8.0
AdobeShockwave Player8.5.1
AdobeShockwave Player9
AdobeShockwave Player10.1.0.11
AdobeShockwave Player11.0.0.456
AdobeShockwave Player11.5.0.595
AdobeShockwave Player11.5.0.596
AdobeShockwave Player11.5.1.601

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2009-4002?
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.
How severe is CVE-2009-4002?
Severity scoring for CVE-2009-4002 is pending analysis. The EPSS model estimates a 8.67% probability of exploitation in the next 30 days.
How do I fix CVE-2009-4002?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-4002?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST