Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011 Network Vulnerability

Summary

This host is installed with Adobe Shockwave Player and is prone to multiple remote code execution vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Impact Level: Application.

Solution

Upgrade to Adobe Shockwave Player version 11.5.9.620 or later, For updates refer to http://get.adobe.com/shockwave/otherversions/

Insight

Multiple flaws are caused by input validation errors, memory corruptions, buffer and integer overflows, and use-after-free errors in the DIRAPI, IML32, TextXtra, 3d Asset, and Xtra.x32 modules when processing malformed Shockwave or Director files.

Affected

Adobe Shockwave Player Versions prior to 11.5.9.620 on Windows.

References

http://www.adobe.com/support/security/bulletins/apsb11-01.html
http://www.vupen.com/english/advisories/2011/0335

Updated on 2015-03-25

Severity

Classification

Related Vulnerabilities

Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Windows)
Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
3S CoDeSys CmpWebServer Multiple Vulnerabilities
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)

Take action and discover your vulnerabilities