Secunia Security Advisory - Secunia Research has discovered eight vulnerabilities in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.
926cae05aaa6921b5b526208b3725065757fdefbeac8f13a8bcb285624a9a2c4----------------------------------------------------------------------
Secunia integrated with Microsoft WSUS
http://secunia.com/blog/71/
----------------------------------------------------------------------
TITLE:
Adobe Shockwave Player 3D Model Parsing Eight Vulnerabilities
SECUNIA ADVISORY ID:
SA37888
VERIFY ADVISORY:
http://secunia.com/advisories/37888/
DESCRIPTION:
Secunia Research has discovered eight vulnerabilities in Adobe
Shockwave Player, which can be exploited by malicious people to
compromise a user's system.
1) A boundary error in the processing of Shockwave 3D models can be
exploited to cause a heap-based buffer overflow via a specially
crafted Shockwave file.
2) Seven integer overflow errors in the processing of various block
types can be exploited to cause heap-based buffer overflows via
specially crafted Shockwave files.
Successful exploitation of the vulnerabilities allows execution of
arbitrary code.
The vulnerabilities are confirmed in version 11.5.2.602. Other
versions may also be affected.
SOLUTION:
Update to Shockwave version 11.5.6.606.
http://get.adobe.com/shockwave/
PROVIDED AND/OR DISCOVERED BY:
Alin Rad Pop, Secunia Research.
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2009-61/
http://secunia.com/secunia_research/2009-62/
http://secunia.com/secunia_research/2009-63/
http://secunia.com/secunia_research/2010-1/
Adobe:
http://www.adobe.com/support/security/bulletins/apsb10-03.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed