---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: Adobe Shockwave Player 3D Model Parsing Eight Vulnerabilities SECUNIA ADVISORY ID: SA37888 VERIFY ADVISORY: http://secunia.com/advisories/37888/ DESCRIPTION: Secunia Research has discovered eight vulnerabilities in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. 1) A boundary error in the processing of Shockwave 3D models can be exploited to cause a heap-based buffer overflow via a specially crafted Shockwave file. 2) Seven integer overflow errors in the processing of various block types can be exploited to cause heap-based buffer overflows via specially crafted Shockwave files. Successful exploitation of the vulnerabilities allows execution of arbitrary code. The vulnerabilities are confirmed in version 11.5.2.602. Other versions may also be affected. SOLUTION: Update to Shockwave version 11.5.6.606. http://get.adobe.com/shockwave/ PROVIDED AND/OR DISCOVERED BY: Alin Rad Pop, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2009-61/ http://secunia.com/secunia_research/2009-62/ http://secunia.com/secunia_research/2009-63/ http://secunia.com/secunia_research/2010-1/ Adobe: http://www.adobe.com/support/security/bulletins/apsb10-03.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------