Adobe Shockwave Player Multiple Vulnerabilities

Secunia ID	SA50283
CVE-ID	CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, CVE-2012-2046, CVE-2012-2047
Release Date	14 Aug 2012
Criticality	Highly Critical
Solution Status	Vendor Patch
Software	Adobe Shockwave Player 11.x
Where	From remote
Impact	System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Description	Multiple vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error can be exploited to corrupt memory. No more information is currently available. 2) An unspecified error can be exploited to corrupt memory. No more information is currently available. 3) An unspecified error can be exploited to corrupt memory. No more information is currently available. 4) An unspecified error can be exploited to corrupt memory. No more information is currently available. 5) An unspecified error can be exploited to corrupt memory. No more information is currently available. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in version 11.6.5.635 and earlier for Windows and Macintosh.
Solution	Update to version 11.6.6.636. http://get.adobe.com/shockwave/
Reported by	1-3) The vendor credits Honggang Ren, Fortinet's FortiGuard Labs. 4) The vendor credits suto. 5) The vendor credits Will Dormann, CERT.
Original Advisory	Adobe: http://www.adobe.com/support/security/bulletins/apsb12-17.html

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.