Signature Detail
Short Name |
HTTP:STC:ADOBE:SHOCKWAVE-OOB |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Adobe Shockwave Player rcsL Chunk Parsing Out of Bounds Array Indexing |
Release Date |
2012/06/20 |
Update Number |
2154 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Adobe Shockwave Player rcsL Chunk Parsing Out of Bounds Array Indexing
A code execution vulnerability has been reported in Adobe Shockwave Player. The vulnerability is due to an error while parsing crafted data in an rcsL RIFF chunk of a DIR file. An attacker can exploit this vulnerability by enticing a user to process a malicious file, which can result in remote code execution under the security context of the current user.
Extended Description
Adobe Shockwave Player is prone to multiple memory corruption vulnerabilities. Attackers can exploit these issues to crash the affected application and execute arbitrary code within the context of the affected application. Versions prior to Adobe Shockwave Player 11.6.4.634 are vulnerable.
Affected Products
- Adobe Shockwave Player 11
- Adobe Shockwave Player 11.0.0.456
- Adobe Shockwave Player 11.0.3.471
- Adobe Shockwave Player 11.5.0.595
- Adobe Shockwave Player 11.5.0.596
- Adobe Shockwave Player 11.5.0.600
- Adobe Shockwave Player 11.5.0.601
- Adobe Shockwave Player 11.5.1.601
- Adobe Shockwave Player 11.5.2.602
- Adobe Shockwave Player 11.5.2.606
- Adobe Shockwave Player 11.5.6.606
- Adobe Shockwave Player 11.5.7.609
- Adobe Shockwave Player 11.5.8.612
- Adobe Shockwave Player 11.5.9.615
- Adobe Shockwave Player 11.5.9.620
- Adobe Shockwave Player 11.6.0.626
- Adobe Shockwave Player 11.6.3.633
References
- BugTraq: 53420
- CVE: CVE-2012-2031