Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities May-10 Network Vulnerability

Summary

This host is installed with Adobe Shockwave Player and is prone to multiple remote code execution vulnerabilities.

Impact

Successful exploitation will allow attacker to execute arbitrary code in the context of the affected application by tricking a user into visiting a specially crafted web page. Impact Level: Application.

Solution

Upgrade to Adobe Shockwave Player 11.5.7.609 http://get.adobe.com/shockwave/otherversions/

Insight

Multiple flaws are caused by memory corruption errors, integer and buffer overflows, array indexing, and signedness errors when processing malformed 'Shockwave' or 'Director' files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

Affected

Adobe Shockwave Player prior to 11.5.7.609 on Windows.

References

http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html
http://secunia.com/advisories/38751
http://www.adobe.com/support/security/bulletins/apsb10-12.html
http://www.vupen.com/english/advisories/2010/1128
http://www.zeroscience.mk/codes/shockwave_mem.txt
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php

Updated on 2015-03-25

Severity

Classification

Related Vulnerabilities

Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)
Adobe Air Multiple Vulnerabilities - November12 (Windows)
Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
Adobe AIR Security Bypass Vulnerability Jan14 (Windows)
Adobe Acrobat Multiple Vulnerabilities - Windows

Take action and discover your vulnerabilities