Internet threat level: 1
Home→Descriptions→SA49086
Adobe Shockwave Player Multiple Vulnerabilities
| Secunia ID | |
| CVE-ID |
CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, CVE-2012-2032, CVE-2012-2033 |
| Release Date |
09 May 2012 |
| Last Change |
10 May 2012 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Adobe Shockwave Player 11.x |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description |
Multiple vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. 1) An error within the IMLLib module when parsing a .dir (Adobe Director) file can be exploited to corrupt memory via a specially crafted file. 2) An error within the DPLib module when parsing a .dir file can be exploited to corrupt memory via a specially crafted file. 3) An error within the IMLLib module when parsing a .dir file can be exploited to corrupt memory via a specially crafted file. 4) Another unspecified error can be exploited to corrupt memory. 5) Another unspecified error can be exploited to corrupt memory. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in versions 11.6.4.634 and prior for Windows and Macintosh. |
| Solution |
Update to version 11.6.5.635. |
| Reported by |
1 - 3) Rodrigo Rubira Branco, Qualys Vulnerability & Malware Research Labs. |
| Original Advisory |
Adobe (APSB12-13): Rodrigo Rubira Branco: |
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.