Short Name |
HTTP:STC:ADOBE:SHOCKWAVE-OOB |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Adobe Shockwave Player rcsL Chunk Parsing Out of Bounds Array Indexing |
Release Date |
2012/06/20 |
Update Number |
2154 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
A code execution vulnerability has been reported in Adobe Shockwave Player. The vulnerability is due to an error while parsing crafted data in an rcsL RIFF chunk of a DIR file. An attacker can exploit this vulnerability by enticing a user to process a malicious file, which can result in remote code execution under the security context of the current user.
Adobe Shockwave Player is prone to multiple memory corruption vulnerabilities. Attackers can exploit these issues to crash the affected application and execute arbitrary code within the context of the affected application. Versions prior to Adobe Shockwave Player 11.6.4.634 are vulnerable.