F-Secure
Tools
Adobe Shockwave Player Multiple Vulnerabilities
| Report ID: | SA200905955 |
| Source: | F-Secure |
| Date of Discovery: | 05.11.2009 |
| Criticality: | Urgent |
| Affects: | Adobe Shockwave Player version 11.5.1.601 and prior. |
| Compromise From: | From remote |
| Compromise Type: | System access |
Summary
Multiple vulnerabilities have been reported in Adobe Shockwave Player, which if exploited can allow an attacker to compromise a user's system.
Detailed Description
The vulnerabilities reported involve errors in:
1) The use of an invalid index
2) The use of an invalid pointer
3) Processing string lengths, causing memory corruption
An attacker can exploit the above vulnerabilities using specially crafted Shockwave content in order to execute arbitrary code on the user's machine.
A boundary error was also reported, which could result in a crash.
2) The use of an invalid pointer
3) Processing string lengths, causing memory corruption
An attacker can exploit the above vulnerabilities using specially crafted Shockwave content in order to execute arbitrary code on the user's machine.
A boundary error was also reported, which could result in a crash.
Solution
Original Reference
-