Adobe Shockwave Player Multiple Vulnerabilities
by Carol~
- 5/10/12 8:08 AM
In Reply to: VULNERABILITIES / FIXES - May 10, 2012 by Carol~
Release Date : 2012-05-09
Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch
Software: Adobe Shockwave Player 11.x
Description:
Multiple vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.
1) An error within the IMLLib module when parsing a .dir (Adobe Director) file can be exploited to corrupt memory via a specially crafted file.
2) An error within the DPLib module when parsing a .dir file can be exploited to corrupt memory via a specially crafted file.
3) An error within the IMLLib module when parsing a .dir file can be exploited to corrupt memory via a specially crafted file.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
The vulnerabilities are reported in versions 11.6.4.634 and prior for Windows and Macintosh.
Solution:
Update to version 11.6.5.635.
Provided and/or discovered by:
1 - 3) Rodrigo Rubira Branco, Qualys Vulnerability & Malware Research Labs.
4, 5) The vendor credits Honggang Ren, Fortinet's FortiGuard Labs.
Original Advisory:
Adobe (APSB12-13):
http://www.adobe.com/support/security/bulletins/apsb12-13.html
Rodrigo Rubira Branco:
https://community.qualys.com/docs/DOC-3513
https://community.qualys.com/docs/DOC-3514
https://community.qualys.com/docs/DOC-3515
http://secunia.com/advisories/49086/
