PT-2010-1322 · Adobe · Shockwave Player

Published: 2010-01-21 · Updated: 2018-10-10 · CVE-2009-4003

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Adobe Shockwave Player versions prior to 11.5.6.606

Description

The issue is related to multiple integer overflows that can lead to the execution of arbitrary code. This can occur through various means, including an unspecified block type in a Shockwave file, which results in a heap-based buffer overflow, or through an unspecified 3D block in a Shockwave file, leading to memory corruption. Additionally, a crafted 3D model in a Shockwave file can cause heap memory corruption.

Recommendations

For Adobe Shockwave Player versions prior to 11.5.6.606, update to version 11.5.6.606 or later to resolve the issue. As a temporary workaround, consider avoiding the use of unspecified block types and 3D blocks in Shockwave files, as well as crafted 3D models, until the update is applied.

Fix

Weakness Enumeration

Related Identifiers

CVE-2009-4003

Affected Products

Shockwave Player