Secunia
Login
|
|
|
|
|
|
|
|
|
Adobe Shockwave Player Multiple Vulnerabilities
Release Date: 2012-10-24 Views: 7,878
Secunia Advisory SA51090
Where:
From remote
Impact:
System access,
Solution Status:
Vendor Patch
CVE Reference(s):
Description
Multiple vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.
1) An unspecified error can be exploited to cause a buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to cause a buffer overflow.
4) An unspecified error can be exploited to cause a buffer overflow.
5) An unspecified error can be exploited to cause a buffer overflow.
6) An array-indexing error can be exploited to corrupt memory.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code by tricking a user into viewing specially crafted Director content.
The vulnerabilities are reported in versions 11.6.7.637 and prior for Windows and Macintosh.
Solution:
Update to version 11.6.8.638.
Further details available to Secunia VIM customers
Provided and/or discovered by:
1, 2, 3, 4, 6) Will Dormann, CERT/CC.
5) The vendor credits Honggang Ren, Fortinet's FortiGuard Labs.
Original Advisory:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb12-23.html
US-CERT VU#872545:
http://www.kb.cert.org/vuls/id/872545
Deep Links:
Links available to Secunia VIM customers
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com
Subject: Adobe Shockwave Player Multiple Vulnerabilities
|
No posts yet |
|
You must be logged in to post a comment. |
