Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities (Mac OS X) Network Vulnerability

Summary

This host is installed with Adobe Shockwave Player and is prone to multiple remote code execution vulnerabilities.

Impact

Successful exploitation will allow attackers to cause denial of service or execute arbitrary code by tricking a user into visiting a specially crafted web page. Impact Level: System/Application

Solution

Upgrade to Adobe Shockwave Player version 11.6.1.629 or later, For updates refer to http://get.adobe.com/shockwave/otherversions/

Insight

Multiple flaws are caused by memory corruptions errors in the IML32.dll, Dirapi.dll, Textra.x32 and msvcr90.dll component when processing malformed '.dir' media file.

Affected

Adobe Shockwave Player Versions prior to 11.6.1.629 on Mac OS X.

References

http://secunia.com/advisories/45584
http://www.adobe.com/support/security/bulletins/apsb11-19.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4308, CVE-2010-4309, CVE-2011-2419, CVE-2011-2420, CVE-2011-2421, CVE-2011-2422, CVE-2011-2423

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
Adobe Air Multiple Vulnerabilities - October 12 (Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Mac OS X)
Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)

Take action and discover your vulnerabilities