Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011 Network Vulnerability

Summary

This host is installed with Adobe Shockwave Player and is prone to multiple remote code execution vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Impact Level: Application.

Solution

Upgrade to Adobe Shockwave Player version 11.5.9.620 or later, For updates refer to http://get.adobe.com/shockwave/otherversions/

Insight

Multiple flaws are caused by input validation errors, memory corruptions, buffer and integer overflows, and use-after-free errors in the DIRAPI, IML32, TextXtra, 3d Asset, and Xtra.x32 modules when processing malformed Shockwave or Director files.

Affected

Adobe Shockwave Player Versions prior to 11.5.9.620 on Windows.

References

http://www.adobe.com/support/security/bulletins/apsb11-01.html
http://www.vupen.com/english/advisories/2011/0335

Updated on 2015-03-25

Severity

Classification

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities - October 12 (Windows)
Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)
Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Windows)
Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)

Take action and discover your vulnerabilities