Signature Detail

HTTP: Adobe Director file Multiple Record Memory Corruption

This signature detects attempts to exploit a known vulnerability against Adobe Director file. A successful attack can lead to memory corruption and arbitrary code execution.

Extended Description

IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x320D of a certain file.

Affected Products

• adobe shockwave_player 1.0
• adobe shockwave_player 10.0.0.210
• adobe shockwave_player 10.0.1.004
• adobe shockwave_player 10.1.0.011
• adobe shockwave_player 10.1.0.11
• adobe shockwave_player 10.1.1.016
• adobe shockwave_player 10.1.4.020
• adobe shockwave_player 10.2.0.021
• adobe shockwave_player 10.2.0.022
• adobe shockwave_player 10.2.0.023
• adobe shockwave_player 11.0.0.456
• adobe shockwave_player 11.0.3.471
• adobe shockwave_player 11.5.0.595
• adobe shockwave_player 11.5.0.596
• adobe shockwave_player 11.5.1.601
• adobe shockwave_player 11.5.2.602
• adobe shockwave_player 11.5.6.606
• adobe shockwave_player 2.0
• adobe shockwave_player 3.0
• adobe shockwave_player 4.0
• adobe shockwave_player 5.0
• adobe shockwave_player 6.0
• adobe shockwave_player 8.0
• adobe shockwave_player 8.0.196
• adobe shockwave_player 8.0.196a
• adobe shockwave_player 8.0.204
• adobe shockwave_player 8.0.205
• adobe shockwave_player 8.5.1
• adobe shockwave_player 8.5.1.100
• adobe shockwave_player 8.5.1.103
• adobe shockwave_player 8.5.1.105
• adobe shockwave_player 8.5.1.106
• adobe shockwave_player 8.5.321
• adobe shockwave_player 8.5.323
• adobe shockwave_player 8.5.324
• adobe shockwave_player 8.5.325
• adobe shockwave_player 9
• adobe shockwave_player 9.0.383
• adobe shockwave_player 9.0.432
• adobe shockwave_player up to 11.5.7.609

References

• CVE: CVE-2010-2869
• CVE: CVE-2010-2868