[PCWorks] Adobe Shockwave Player Multiple Vulnerabilities

  • From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
  • Date: Thu, 26 Aug 2010 00:36:26 -0500

TITLE:
Adobe Shockwave Player Multiple Vulnerabilities

Criticality level:  Highly critical
Impact:  System access
Where:  From remote

http://secunia.com/advisories/41065/

DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Shockwave Player,
which can be exploited by malicious people to compromise a user's
system.

1) An unspecified error can be exploited to corrupt memory.

2) An unspecified error when processing ".dir" files in the IML32.dll
module can be exploited to corrupt memory.

3) A third unspecified error can be exploited to corrupt memory.

4) A signedness error when processing the tSAC RIFF chunk in the
DIRAPI module can be exploited to corrupt memory.

5) An array indexing error when processing the rcsL RIFF chunk in the
DIRAPIX module can be exploited to corrupt memory.

6) An unspecified error when processing ".dir" files in the IML32.dll
module can be exploited to corrupt memory.

7) An unspecified error when processing ".dir" files in the IML32.dll
module can be exploited to corrupt memory.

8) A boundary error when handling the chunk size following the fourCC
value in Ordinal1111 (IML32X module) can be exploited to cause a
heap-based buffer overflow via a specially crafted RIFF file.

9) An integer overflow error when processing 0xFFFFFF45 records of 3D
objects can be exploited to cause a heap-based buffer overflow.

10) A signedness error when processing the PAMI RIFF chunk can be
exploited to corrupt memory.

11) An indexing error when processing the rcsL RIFF chunk can be
exploited to corrupt heap-based memory and overwrite a function
pointer via a specially crafted Director file with ".dir" or ".dcr"
extensions.

12) An uninitialized pointer error when processing the tSAC RIFF
chunk can be exploited to transfer the program flow into a random
heap-based memory location.

13) A signedness error when processing the tSAC RIFF chunk can be
exploited to corrupt heap-based memory.

14) A signedness error when processing the tSAC RIFF chunk can be
exploited to write a NULL byte to a certain memory location.

15) An integer overflow error when processing 0xFFFFFFF8 records can
be exploited to cause a heap-based buffer overflow via a specially
crafted Director file with ".dir" or ".dcr" extensions.

16) An indexing error when processing the CSWV RIFF chunk within the
IML32X.dll and DIRAPIX.dll modules can be exploited to corrupt
heap-based memory.

17) An indexing error when processing the tSAC RIFF chunk within the
DIRAPIX.dll module can be exploited to write a NULL byte to a
heap-based memory location.

18) An integer overflow error in the TextXtra.x32 module can be
exploited to cause a heap-based buffer overflow.

19) An unspecified error when processing ".dir" files in the
DIRAPI.dll module can be exploited to corrupt memory.

20) An unspecified error when processing ".dir" files in the
IML32.dll module can be exploited to corrupt memory.

21) An unspecified error when processing ".dir" files in the
DIRAPI.dll module can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.

The vulnerabilities are reported in versions prior to 11.5.8.612
running on Windows and Macintosh.
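
Added example (not part of the advisory, and not Adobe's or Secunia's code): the signedness and chunk-size boundary classes named in items 4, 8, 10 and 13, shown as a flawed signed size check beside a hardened chunk copy. The chunk layout (fourCC followed by a 32-bit little-endian size), the "DEMO" fourCC, MAX_CHUNK and all function names are assumptions for illustration, not the Director file format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_CHUNK 64u  /* constructed limit: capacity of the destination buffer */

/* Little-endian 32-bit read (byte order assumed for this illustration). */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed check: the size is held in a signed int, so values of 0x80000000
 * and above turn negative and pass the upper-bound test. Returns 1 if accepted. */
int size_ok_signed(const uint8_t *chunk) {
    int32_t size = (int32_t)rd32(chunk + 4);
    return size <= (int32_t)MAX_CHUNK;
}

/* Hardened copy: the size stays unsigned and is checked against both the
 * destination capacity and the bytes actually left in the input.
 * Returns the payload length copied, or -1 if the chunk is rejected. */
long copy_chunk(const uint8_t *buf, size_t len, size_t off,
                const char *want, uint8_t dst[MAX_CHUNK]) {
    if (off > len || len - off < 8) return -1;       /* header must fit */
    if (memcmp(buf + off, want, 4) != 0) return -1;  /* unexpected fourCC */
    uint32_t size = rd32(buf + off + 4);
    if (size > MAX_CHUNK) return -1;                 /* destination bound */
    if (size > len - off - 8) return -1;             /* input bound */
    memcpy(dst, buf + off + 8, size);
    return (long)size;
}

/* Constructed sample inputs: valid, oversized size field, truncated payload. */
const uint8_t good_chunk[]  = { 'D','E','M','O', 4,0,0,0, 1,2,3,4 };
const uint8_t bad_chunk[]   = { 'D','E','M','O', 0xF0,0xFF,0xFF,0xFF, 1,2,3,4 };
const uint8_t short_chunk[] = { 'D','E','M','O', 16,0,0,0, 1,2,3,4 };

int main(void) {  /* exits non-zero if any case behaves unexpectedly */
    uint8_t dst[MAX_CHUNK];
    if (!size_ok_signed(bad_chunk)) return 1;  /* flawed check accepts it */
    if (copy_chunk(good_chunk, sizeof good_chunk, 0, "DEMO", dst) != 4) return 1;
    if (copy_chunk(bad_chunk, sizeof bad_chunk, 0, "DEMO", dst) != -1) return 1;
    if (copy_chunk(short_chunk, sizeof short_chunk, 0, "DEMO", dst) != -1) return 1;
    return 0;
}
```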

SOLUTION:
Update to version 11.5.8.612 or later.

ORIGINAL ADVISORY:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb10-20.html

iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=878

TippingPoint DVLabs:
http://dvlabs.tippingpoint.com/advisory/TPTI-10-09
http://dvlabs.tippingpoint.com/advisory/TPTI-10-10
http://dvlabs.tippingpoint.com/advisory/TPTI-10-11
http://dvlabs.tippingpoint.com/advisory/TPTI-10-12
http://dvlabs.tippingpoint.com/advisory/TPTI-10-13
http://dvlabs.tippingpoint.com/advisory/TPTI-10-14
http://dvlabs.tippingpoint.com/advisory/TPTI-10-15

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-10-160/
http://www.zerodayinitiative.com/advisories/ZDI-10-161/
http://www.zerodayinitiative.com/advisories/ZDI-10-162/
http://www.zerodayinitiative.com/advisories/ZDI-10-163/
http://www.zerodayinitiative.com/advisories/ZDI-10-164/

