Multiple vulnerabilities in Adobe Shockwave Player

Posted: October 25, 2012 in Vulnerabilities
Tags: , , , ,

Vulnerability

Adobe Shockwave Player

Vulnerability: Multiple vulnerabilities in Adobe Shockwave Player

Severity level: High
Patch existence: Yes
Quantity of vulnerabilities: 6

Impact: System compromise

Vulnerable products: Adobe Shockwave Player 11.x

Vulnerable versions: Adobe Shockwave Player 11.6.7.637 and earlier versions for Windows and Mac.

CVE ID: CVE-2012-4172
CVE-2012-4173
CVE-2012-4174
CVE-2012-4175
CVE-2012-4176
CVE-2012-5273

Description:

The found vulnerabilities allow the removed user to execute any code on target system.

1. Vulnerability exists because of an unknown mistake. The removed user can cause overflow of the buffer and compromise target system.

2. Vulnerability exists because of an unknown mistake. The removed user can cause overflow of the buffer and compromise target system.

3. Vulnerability exists because of an unknown mistake. The removed user can cause overflow of the buffer and compromise target system.

4. Vulnerability exists because of an unknown mistake. The removed user can cause overflow of the buffer and compromise target system.

5. Vulnerability exists because of an unknown mistake. The removed user can cause overflow of the buffer and compromise target system.

6. Vulnerability exists because of an unknown mistake. The removed user can cause damage of memory and compromise target system.

Manufacturer: Adobe Systems Inc.

Solution: Establish the last version 11.6.8.638 from a site of the producer.

Links:

http://www.adobe.com/support/security/bulletins/apsb12-23.html
http://www.kb.cert.org/vuls/id/872545

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s