1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Vulnerability Descriptions
  6. SA200905955

Adobe Shockwave Player Multiple Vulnerabilities

Report ID: SA200905955
Source: Secunia
Date of Discovery: 05.11.2009
Criticality: Urgent
Affects:
Adobe Shockwave Player 11.x
Compromise From: From remote
Compromise Type: System access

Summary

Some vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system

Detailed Description

Some vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.

1) An error related to the use of an invalid index can be exploited to potentially execute arbitrary code via specially crafted Shockwave content.

2) An error related to the use of an invalid pointer can be exploited to potentially execute arbitrary code via specially crafted Shockwave content.

3) Another error related to the use an invalid pointer can be exploited to potentially execute arbitrary code via specially crafted Shockwave content.

4) An error when processing string lengths can be exploited to cause a memory corruption and potentially execute arbitrary code.

NOTE: A boundary error which results in a crash was also reported.

The vulnerabilities are reported in version 11.5.1.601 and prior.

Solution

Update to version 11.5.2.602:
http://get.adobe.com/shockwave/