Signature Detail
Short Name |
HTTP:STC:ADOBE:XFIR-LNAM |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Adobe Shockwave Player Lnam Chunk Processing Buffer Overflow |
Release Date |
2010/12/10 |
Update Number |
1831 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Adobe Shockwave Player Lnam Chunk Processing Buffer Overflow
This signature detects attemps to exploit a code execution vulnerability in Adobe Shockwave Player. It is due to a stack buffer overflow when processing maliciously crafted DIR files containing Lnam Chunks. A remote attacker can exploit this by enticing a target user to visit a maliciously crafted Web site. A successful attack can result in execution of arbitrary code within the security context of the currently logged on user. An unsuccessful attempt can terminate the affected application abnormally.
Extended Description
Adobe Shockwave Player is prone to a stack-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed attacks may cause a denial-of-service condition. Adobe Shockwave Player versions prior to 11.5.9.615 are vulnerable.
Affected Products
- Adobe Shockwave Player 11
- Adobe Shockwave Player 11.0.0.456
- Adobe Shockwave Player 11.5.0.595
- Adobe Shockwave Player 11.5.0.596
- Adobe Shockwave Player 11.5.0.600
- Adobe Shockwave Player 11.5.0.601
- Adobe Shockwave Player 11.5.1.601
- Adobe Shockwave Player 11.5.2.602
- Adobe Shockwave Player 11.5.2.606
- Adobe Shockwave Player 11.5.6.606
- Adobe Shockwave Player 11.5.7.609
- Adobe Shockwave Player 11.5.8.612
References
- BugTraq: 44516
- CVE: CVE-2010-3655