Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities (Mac OS X) Network Vulnerability

Summary

This host is installed with Adobe Shockwave Player and is prone to multiple remote code execution vulnerabilities.

Impact

Successful exploitation will allow attackers to cause denial of service or execute arbitrary code by tricking a user into visiting a specially crafted web page. Impact Level: System/Application

Solution

Upgrade to Adobe Shockwave Player version 11.6.1.629 or later, For updates refer to http://get.adobe.com/shockwave/otherversions/

Insight

Multiple flaws are caused by memory corruptions errors in the IML32.dll, Dirapi.dll, Textra.x32 and msvcr90.dll component when processing malformed '.dir' media file.

Affected

Adobe Shockwave Player Versions prior to 11.6.1.629 on Mac OS X.

References

http://secunia.com/advisories/45584
http://www.adobe.com/support/security/bulletins/apsb11-19.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4308, CVE-2010-4309, CVE-2011-2419, CVE-2011-2420, CVE-2011-2421, CVE-2011-2422, CVE-2011-2423

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Windows)
Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
Adobe Flash Media Server multiple vulnerabilities

Take action and discover your vulnerabilities