Adobe Shockwave Player Multiple Vulnerabilities Nov-10 Network Vulnerability

Summary

This host is installed with Adobe Shockwave Player and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow attacker to execute arbitrary code by tricking a user into visiting a specially crafted web page Impact Level: Application.

Solution

Upgrade to Adobe Shockwave Player 11.5.9.615 For updates refer to http://get.adobe.com/shockwave/

Insight

The multiple flaws are caused by memory corruptions and buffer overflow errors in the 'DIRAPI.dll' and 'IML32.dll' modules when processing malformed Shockwave or Director files.

Affected

Adobe Shockwave Player prior to 11.5.9.615 on Windows

References

http://www.adobe.com/support/security/bulletins/apsb10-25.html
http://www.vupen.com/english/advisories/2010/2826

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2581, CVE-2010-2582, CVE-2010-3653, CVE-2010-3655, CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, CVE-2010-4087, CVE-2010-4088, CVE-2010-4089, CVE-2010-4090

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)
Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
Adobe AIR Security Bypass Vulnerability Jan14 (Mac OS X)
Adobe AIR Multiple Vulnerabilities-01 Dec13 (Windows)

Take action and discover your vulnerabilities