CERT-In Advisory CIAD-2010-34
Multiple Vulnerabilities in Adobe Shockwave Player
Original issue date: May 14, 2010
Severity Rating: High
Systems Affected
- Adobe Shockwave Player 11.5.6.606 and earlier versions for Windows and Macintosh
Overview
Multiple vulnerabilities have been reported in Adobe Shockwave Player, which could allow a remote attacker to execute arbitrary code, cause a denial of service condition or compromise the affected system.
Description
1. Shockwave 3D block processing memory corruption vulnerability (CVE-2010-0127)
This vulnerability is caused by a boundary error while processing FFFFFF45h Shockwave 3D blocks in Adobe Shockwave Player. A remote attacker could exploit this vulnerability via specially crafted Shockwave 3D blocks to trigger a memory corruption error.
2. Multiple memory corruption vulnerabilities (CVE-2010-0128, CVE-2010-0129, CVE-2010-0130, CVE-2010-0986)
These vulnerabilities are caused by signedness, array indexing, integer overflow and asset entry processing errors when processing Director files in Adobe Shockwave Player. A remote attacker could exploit these vulnerabilities via specially crafted Director files to trigger a memory corruption error.
3. Embedded font processing heap-based buffer overflow vulnerability (CVE-2010-0987)
This vulnerability is caused by a boundary error when processing embedded fonts in Adobe Shockwave Player. A remote attacker could exploit this vulnerability via a specially crafted Director file to trigger a heap-based buffer overflow.
4. Multiple memory corruption vulnerabilities (CVE-2010-1280, CVE-2010-1281, CVE-2010-1283, CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, CVE-2010-1291, CVE-2010-1292)
Multiple memory corruption vulnerabilities have been reported in Adobe Shockwave Player due to unspecified errors. A remote attacker could exploit these vulnerabilities via specially crafted Shockwave content to trigger memory corruption errors.
Successful exploitation of the above vulnerabilities could allow a remote attacker to execute arbitrary code.
5. ATOM size infinite loop denial of service vulnerability (CVE-2010-1282)
This vulnerability is caused by an infinite loop error when processing ATOM sizes in Adobe Shockwave Player. A remote attacker could exploit this vulnerability via specially crafted Shockwave content to cause a denial of service condition.
6. Buffer overflow vulnerability (CVE-2010-1288)
This vulnerability is caused by an unspecified error in Adobe Shockwave Player. A remote attacker could exploit this vulnerability via specially crafted Shockwave content to trigger a buffer overflow. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.
Solution
Update to Adobe Shockwave Player 11.5.7.609
http://get.adobe.com/shockwave/
Vendor Information
Adobe
http://www.adobe.com/support/security/bulletins/apsb10-12.html
References
Adobe
http://www.adobe.com/support/security/bulletins/apsb10-12.html
iDefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869
SecurityFocus
http://www.securityfocus.com/bid/40066
http://www.securityfocus.com/bid/40083
http://www.securityfocus.com/bid/40088
http://www.securityfocus.com/bid/40096
Secunia
http://secunia.com/advisories/38751
SecurityTracker
http://securitytracker.com/alerts/2010/May/1023980.html
VUPEN
http://www.vupen.com/english/advisories/2010/1128
CVE Names
CVE-2010-0127
CVE-2010-0128
CVE-2010-0129
CVE-2010-0130
CVE-2010-0986
CVE-2010-0987
CVE-2010-1280
CVE-2010-1281
CVE-2010-1282
CVE-2010-1283
CVE-2010-1284
CVE-2010-1286
CVE-2010-1287
CVE-2010-1288
CVE-2010-1289
CVE-2010-1290
CVE-2010-1291
CVE-2010-1292
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003