Internet threat level: 1
Home→Descriptions→SA45584
Adobe Shockwave Player Multiple Vulnerabilities
| Secunia ID | |
| CVE-ID |
CVE-2010-4308, CVE-2010-4309, CVE-2011-2419, CVE-2011-2420, CVE-2011-2421, CVE-2011-2422, CVE-2011-2423 |
| Release Date |
10 Aug 2011 |
| Last Change |
02 Dec 2011 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Adobe Shockwave Player 11.x |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description |
Multiple vulnerabilities have been reported in Shockwave Player, which can be exploited by malicious people to compromise a user' system. 1) An unspecified error can be exploited to corrupt memory. 2) An unspecified error can be exploited to corrupt memory. 3) An error within IML32.dll when parsing DEMX chunks from director files can be exploited to corrupt memory. 4) An unspecified error can be exploited to corrupt memory. 5) An error within Dirapi.dll when parsing a certain field in a dir file can be exploited to corrupt memory. 6) Missing check of a return value within a function in TextXtra.x32 when parsing XMED chunk data can be exploited to cause a heap-based buffer overflow. 7) An unspecified error in the bundled version of msvcr90.dll can be exploited to corrupt memory. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in version 11.6.0.626 and prior for Windows and Macintosh. |
| Solution |
Update to version 11.6.1.629. |
| Reported by |
3) Logan Brown, TippingPoint DVLabs The vendor credits: |
| Original Advisory |
Adobe (APSB11-19) FortiGuard Labs: TippingPoint DVLabs: |
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.