Executive Summary
Summary | |
---|---|
Title | Adobe Shockwave 11.5.9.615 contains multiple memory corruption vulnerabilities |
Informations | |||
---|---|---|---|
Name | VU#189929 | First vendor Publication | 2011-02-11 |
Vendor | VU-CERT | Last vendor Modification | 2011-02-11 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#189929Adobe Shockwave 11.5.9.615 contains multiple memory corruption vulnerabilitiesOverviewAdobe Shockwave Player 11.5.9.615 and earlier versions on the Windows and Macintosh operating systems contain critical vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.I. DescriptionAdobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe Director. Shockwave Player is available as an ActiveX control for Internet Explorer and as a plug-in for other web browsers.Multiple vulnerabilities have been discovered in Shockwave Player and its Xtra components that can be exploited by an attacker to execute arbitrary code on a user's system. More details are available in Adobe Security Bulletin APSB11-01. These issues have been addressed in Adobe Shockwave Player 11.5.9.620. Please see Adobe Security Bulletin APSB11-01 for more details.
{233C1507-6A77-46A4-9443-F871F945D258}
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{166B1BCA-3F9C-11CF-8075-444553540000}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{166B1BCA-3F9C-11CF-8075-444553540000}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{233C1507-6A77-46A4-9443-F871F945D258}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{233C1507-6A77-46A4-9443-F871F945D258}] "Compatibility Flags"=dword:00000400 Vendor Information
Referenceshttp://www.cert.org/tech_tips/securing_browser/ These vulnerabilities were reported by Will Dormann of the CERT/CC. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/189929 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
80 % | CWE-20 | Improper Input Validation |
20 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-02-15 | Name : Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011 File : nvt/gb_adobe_shockwave_player_mult_code_exec_vuln_feb11.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
73003 | Adobe Shockwave Player Unspecified Memory Corruption (2010-4093) |
73002 | Adobe Shockwave Player Input Validation Unspecified Arbitrary Code Execution |
73001 | Adobe Shockwave Player dirapi.dll Module Input Validation Unspecified Arbitra... |
73000 | Adobe Shockwave Player TextXtra Module Input Validation Unspecified Arbitrary... |
72999 | Adobe Shockwave Player 3d Asset Module Input Validation Unspecified Arbitrary... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-22 | Name : The remote Mac OS X host contains a web browser plugin that is affected by mu... File : macosx_shockwave_player_apsb11-01.nasl - Type : ACT_GATHER_INFO |
2011-02-10 | Name : The remote Windows host contains a web browser plugin that is affected by mul... File : shockwave_player_apsb11-01.nasl - Type : ACT_GATHER_INFO |