Threat Monitor
Troj.Downloader.VBS.Psyme.qn
| Aliases: | |
|---|---|
| Pattern: | 200911131330 |
| Threat Type | Propagation Methods | Systems Affected | Risk Level |
|---|---|---|---|
|
|
|
This malicious program exploits vulnerability CVE-2009-3244.
Adobe Shockwave Player is a multimedia player application. The Shockwave Player ActiveX control with CLSID:233C1507-6A77-46A4-9443-F871F945D258 is prone to a heap-based buffer overflow vulnerability. The vulnerability is caused due to an error in the SwDir.dll ActiveX control in Adobe Shockwave Player. The issue is triggered when excessive data is passed to the 'Player Version' property of the control. By persuading a victim to visit a specially-crafted Web page, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Affected Version: Adobe Shockwave Player 11.5.1.601
Adobe Shockwave Player is a multimedia player application. The Shockwave Player ActiveX control with CLSID:233C1507-6A77-46A4-9443-F871F945D258 is prone to a heap-based buffer overflow vulnerability. The vulnerability is caused due to an error in the SwDir.dll ActiveX control in Adobe Shockwave Player. The issue is triggered when excessive data is passed to the 'Player Version' property of the control. By persuading a victim to visit a specially-crafted Web page, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Affected Version: Adobe Shockwave Player 11.5.1.601
