Adobe Shockwave Player <= Multiple Vulnerabilities (APSB09-16) (Mac OS X)

Critical Nessus Plugin ID 80170


The remote Mac OS X host contains a web browser plugin that is affected by multiple vulnerabilities.


The remote Mac OS X host contains a version of Adobe Shockwave Player that is or earlier. It is, therefore, affected by multiple vulnerabilities :

- An invalid index vulnerability allows code execution.

- Invalid pointer vulnerabilities that allow code execution. (CVE-2009-3464, CVE-2009-3465)

- An invalid string length vulnerability allows code execution. (CVE-2009-3466)

- A boundary condition issue allows a denial of service.


Upgrade to Adobe Shockwave version or later.

See Also

Plugin Details

Severity: Critical

ID: 80170

File Name: macosx_shockwave_player_apsb09_16.nasl

Version: $Revision: 1.3 $

Type: local

Agent: macosx

Published: 2014/12/22

Modified: 2016/11/28

Dependencies: 80169

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:shockwave_player

Required KB Items: installed_sw/Shockwave Player, Host/MacOSX/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/11/03

Vulnerability Publication Date: 2009/11/03

Reference Information

CVE: CVE-2009-3244, CVE-2009-3463, CVE-2009-3464, CVE-2009-3465, CVE-2009-3466

BID: 36905

OSVDB: 58209, 59699, 59700, 59701, 59702

CWE: 94, 119, 399