Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Adobe Shockwave
дополнено с 12 мая 2010 г.
Опубликовано:21 мая 2010 г.
Источник:
SecurityVulns ID:10828
Тип:клиент
Уровень опасности:
9/10
Описание:Многочисленные переполнения буфера, целочисленные переполнения, повреждения памяти, выполнение кода.
Затронутые продукты:ADOBE : Shockwave Player 11.5
CVE:CVE-2010-1292 (The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.)
 CVE-2010-1291 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290.)
 CVE-2010-1290 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291.)
 CVE-2010-1289 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291.)
 CVE-2010-1288 (Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2010-1287 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.)
 CVE-2010-1286 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.)
 CVE-2010-1284 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.)
 CVE-2010-1283 (Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.)
 CVE-2010-1282 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.)
 CVE-2010-1281 (iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.)
 CVE-2010-1280 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.)
 CVE-2010-0987 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.)
 CVE-2010-0986 (Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.)
 CVE-2010-0130 (Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.)
 CVE-2010-0130 (Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.)
 CVE-2010-0129 (Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.)
 CVE-2010-0129 (Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.)
 CVE-2010-0128 (Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.)
 CVE-2010-0128 (Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.)
 CVE-2010-0127 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.)
 CVE-2010-0127 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.)
Оригинальный текстdocumentmac68k_(at)_gmail.com, [Kil13r-SA-20100513] Adobe Flash Player 10.0 Denial Of Service Vulnerability (21.05.2010)
 documentSECUNIA, Secunia Research: Adobe Shockwave Player Array Indexing Vulnerability (13.05.2010)
 documentSECUNIA, Secunia Research: Adobe Shockwave Player Signedness Error Vulnerability (13.05.2010)
 documentSECUNIA, Secunia Research: Adobe Shockwave Player 3D Parsing Memory Corruption (12.05.2010)
 documentIDEFENSE, iDefense Security Advisory 05.11.10: Abobe Shockwave Player Heap Memory Indexing Vulnerability (12.05.2010)
 documentvulnhunt_(at)_gmail.com, [CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite (12.05.2010)
 documentADOBE, Security update available for Shockwave Player (12.05.2010)
 documentCORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2010-0405] Adobe Director Invalid Read (12.05.2010)
 documentZDI, ZDI-10-089: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability (12.05.2010)
 documentZDI, ZDI-10-087: Adobe Shockwave Invalid Offset Memory Corruption Remote Code Execution Vulnerability (12.05.2010)
 documentZDI, ZDI-10-088: Adobe Shockwave Player 3D Parsing Memory Corruption Vulnerability (12.05.2010)
 documentvulnhunt_(at)_gmail.com, [CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability (12.05.2010)
 documentvulnhunt_(at)_gmail.com, [CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability (12.05.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород