Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасаности в Adobe Shockwave Player
дополнено с 11 февраля 2011 г.
Опубликовано:14 февраля 2011 г.
Источник:
SecurityVulns ID:11417
Тип:клиент
Уровень опасности:
9/10
Описание:Многочисленные повреждения памяти.
Затронутые продукты:ADOBE : Shockwave Player 11.5
CVE:CVE-2011-0569 (The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PFR1 chunk containing an invalid size value that leads to an unexpected sign extension and a buffer overflow, a different vulnerability than CVE-2011-0556.)
 CVE-2011-0557 (Integer overflow in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code via a Director movie with a large count value in 3D assets type 0xFFFFFF45 record, which triggers a "faulty allocation" and memory corruption.)
 CVE-2011-0556 (The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PFR1 chunk that leads to an unexpected sign extension and an invalid pointer dereference, a different vulnerability than CVE-2011-0569.)
 CVE-2011-0555 (The TextXtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a Director file with a crafted DEMX RIFF chunk that triggers incorrect buffer allocation, a different vulnerability than CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306.)
 CVE-2010-4307 (Buffer overflow in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2010-4306 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, and CVE-2010-4192.)
 CVE-2010-4306 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, and CVE-2010-4192.)
 CVE-2010-4196 (The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.)
 CVE-2010-4195 (The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.)
 CVE-2010-4194 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.)
 CVE-2010-4193 (Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.)
 CVE-2010-4192 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted 3D Assets 0xFFFFFF88 type record that triggers an incorrect memory allocation, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, and CVE-2010-4306.)
 CVE-2010-4191 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4192, and CVE-2010-4306.)
 CVE-2010-4190 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted CSWV RIFF chunk that causes an incorrect calculation of an offset for a substructure, wihch causes an out-of-bounds "seek" of heap memory, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306.)
 CVE-2010-4189 (The IML32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie containing a GIF image with a crafted global color table size value, which causes an out-of-range pointer offset.)
 CVE-2010-4188 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk with a size field of 0, which is used in the calculation of a file offset and causes invalid data to be used as a loop counter, triggering a heap-based buffer overflow, a different vulnerability than CVE-2010-2587 and CVE-2010-2588.)
 CVE-2010-4187 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed chunk in a Director file, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306.)
 CVE-2010-4093 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306.)
 CVE-2010-4092 (Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an unloaded library. NOTE: some of these details are obtained from third party information.)
 CVE-2010-2589 (Integer overflow in the dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2010-2588 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2587 and CVE-2010-4188.)
 CVE-2010-2587 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2588 and CVE-2010-4188.)
Оригинальный текстdocumentVUPEN Security Research, VUPEN Security Research - Adobe Shockwave DIRAPI LCTX Chunck Memory Corruption Vulnerability (APSB11-01) (14.02.2011)
 documentZDI, ZDI-11-080: Adobe Shockwave CSWV Chunk Substructure Offset Value Remote Code Execution Vulnerability (11.02.2011)
 documentZDI, ZDI-11-079: Adobe Shockwave Player 0xFFFFFF45 Record Count Element Remote Code Execution Vulnerability (11.02.2011)
 documentZDI, ZDI-11-078: Adobe Shockwave Player FFFFFF88 Record Count Element Remote Code Execution Vulnerability (11.02.2011)
 documentIDEFENSE, iDefense Security Advisory 02.08.11: Adobe Shockwave Player Memory Corruption Vulnerability (11.02.2011)
 documentZDI, TPTI-11-05: Adobe Shockwave PFR1 Font Chunk Parsing Remote Code Execution Vulnerability (11.02.2011)
 documentZDI, TPTI-11-04: Adobe Shockwave GIF Logical Screen Descriptor Parsing Remote Code Execution Vulnerability (11.02.2011)
 documentZDI, TPTI-11-03: Adobe Shockwave Font Xtra String Decoding Remote Code Execution Vulnerability (11.02.2011)
 documentZDI, TPTI-11-02: Adobe Shockwave TextXtra Invalid Seek Remote Code Execution Vulnerability (11.02.2011)
 documentZDI, TPTI-11-01: Adobe Shockwave dirapi.dll IFWV Trusted Offset Remote Code Execution Vulnerability (11.02.2011)
 documentADOBE, Security update available for Shockwave Player (11.02.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород