Adobe Shockwave Player Buffer and Integer Overflow Vulnerabilities
Last Update Date:
28 Jan 2011
Release Date:
21 Jan 2010
5357
Views
RISK: Medium Risk
Multiple vulnerabilities have been identified in Adobe Shockwave Player, which could be exploited by remote attackers to compromise a vulnerable system. These issues are caused by buffer and integer overflow errors when processing Shockwave files or 3D models, which could be exploited to execute arbitrary code by tricking a user into visiting a specially crafted web page.
Impact
- Remote Code Execution
System / Technologies affected
- Adobe Director 11.x
- Adobe Shockwave Player 11.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Upgrade to Adobe Shockwave Player version 11.5.6.606 :
http://get.adobe.com/shockwave/
Vulnerability Identifier
Source
Related Link
- http://www.vupen.com/english/advisories/2010/0171
- http://secunia.com/advisories/37888/
- http://secunia.com/secunia_research/2009-61/
- http://secunia.com/secunia_research/2009-62/
- http://secunia.com/secunia_research/2009-63/
- http://secunia.com/secunia_research/2010-1/
- http://www.adobe.com/support/security/bulletins/apsb10-03.html
Share with