VUPEN Vulnerability Research Team discovered seven critical vulnerabilities in Adobe Shockwave Player. These vulnerabilities are caused due to memory corruptions, array indexing, heap overflows and invalid pointers when processing malformed files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Versions prior to 11.5.7.609 are affected.
350e0f3198e35fcf0c1c75b940682fbeffa174ddc0b609b86fc1a35c428f798eCode Audit Labs has discovered a vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Shockwave player attempts to load a specially crafted Adobe Director File. When a malicious value is used during a memory dereference a possible 4-byte memory overwrite may occur. Exploitation can lead to remote system compromise under the credentials of the currently logged in user.
a0f77eecd2a1403c980cb9c466c4691d6c105d645ef19b2d595726c654d1d978Shockwave Player versions 11.5.6.606 and below from Adobe suffer from memory consumption / corruption and buffer overflow vulnerabilities that can aid the attacker in causing a denial of service scenario and arbitrary code execution. The vulnerable software fails to sanitize user input when processing .dir files resulting in a crash and overwrite of a few memory registers.
8ec4df5f63f6cfd2422941ca53290e7e3b28c5e09824a064172cf191aa1bea88
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed