Executive Summary

Summary
Title Adobe Shockwave 11.5.9.615 contains multiple memory corruption vulnerabilities
Informations
Name VU#189929 First vendor Publication 2011-02-11
Vendor VU-CERT Last vendor Modification 2011-02-11
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#189929

Adobe Shockwave 11.5.9.615 contains multiple memory corruption vulnerabilities

Overview

Adobe Shockwave Player 11.5.9.615 and earlier versions on the Windows and Macintosh operating systems contain critical vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe Director. Shockwave Player is available as an ActiveX control for Internet Explorer and as a plug-in for other web browsers.

Multiple vulnerabilities have been discovered in Shockwave Player and its Xtra components that can be exploited by an attacker to execute arbitrary code on a user's system. More details are available in Adobe Security Bulletin APSB11-01.

II. Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), Microsoft Office document, or any other document that supports embedded Shockwave content, an attacker may be able to execute arbitrary code

III. Solution

Apply an update

These issues have been addressed in Adobe Shockwave Player 11.5.9.620. Please see Adobe Security Bulletin APSB11-01 for more details.

Limit access to Director files

Restricting the handling of untrusted Director content may help mitigate this vulnerability. See Securing Your Web Browser for more information. Consider using the NoScript extension to whitelist web sites that can run Shockwave Player in Mozilla browsers such as Firefox. See the NoScript FAQ for more information.

Disable the Shockwave Player ActiveX control in Internet Explorer

The Shockwave Player ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSIDs:

    {166B1BCA-3F9C-11CF-8075-444553540000}
    {233C1507-6A77-46A4-9443-F871F945D258}
More information about how to set the kill bit is available in Microsoft Support Document 240797.Alternatively, the following text can be saved as a .REG file and imported to set the kill bit for this control:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{166B1BCA-3F9C-11CF-8075-444553540000}]
    "Compatibility Flags"=dword:00000400
    [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{166B1BCA-3F9C-11CF-8075-444553540000}]
    "Compatibility Flags"=dword:00000400

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{233C1507-6A77-46A4-9443-F871F945D258}]
    "Compatibility Flags"=dword:00000400
    [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{233C1507-6A77-46A4-9443-F871F945D258}]
    "Compatibility Flags"=dword:00000400

Vendor Information

VendorStatusDate NotifiedDate Updated
AdobeUnknown2010-10-272010-10-27

References

http://www.cert.org/tech_tips/securing_browser/
http://www.adobe.com/support/security/bulletins/apsb11-01.html

Credit

These vulnerabilities were reported by Will Dormann of the CERT/CC.

This document was written by Will Dormann.

Other Information

Date Public:2011-02-08
Date First Published:2011-02-11
Date Last Updated:2011-02-11
CERT Advisory: 
CVE-ID(s):CVE-2010-4093CVE-2010-4193CVE-2010-4194CVE-2010-4195CVE-2010-4196
NVD-ID(s):CVE-2010-4093CVE-2010-4193CVE-2010-4194CVE-2010-4195CVE-2010-4196
US-CERT Technical Alerts: 
Severity Metric:7.65
Document Revision:7

Original Source

Url : http://www.kb.cert.org/vuls/id/189929

CWE : Common Weakness Enumeration

% Id Name
80 % CWE-20 Improper Input Validation
20 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 45

OpenVAS Exploits

Date Description
2011-02-15 Name : Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011
File : nvt/gb_adobe_shockwave_player_mult_code_exec_vuln_feb11.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
73003 Adobe Shockwave Player Unspecified Memory Corruption (2010-4093)
73002 Adobe Shockwave Player Input Validation Unspecified Arbitrary Code Execution
73001 Adobe Shockwave Player dirapi.dll Module Input Validation Unspecified Arbitra...
73000 Adobe Shockwave Player TextXtra Module Input Validation Unspecified Arbitrary...
72999 Adobe Shockwave Player 3d Asset Module Input Validation Unspecified Arbitrary...

Nessus® Vulnerability Scanner

Date Description
2014-12-22 Name : The remote Mac OS X host contains a web browser plugin that is affected by mu...
File : macosx_shockwave_player_apsb11-01.nasl - Type : ACT_GATHER_INFO
2011-02-10 Name : The remote Windows host contains a web browser plugin that is affected by mul...
File : shockwave_player_apsb11-01.nasl - Type : ACT_GATHER_INFO