

Adobe Shockwave Player multiple security vulnerabilities
updated since 17.06.2011
Published: 19.06.2011
Source:
SecurityVulns ID: 11741
Type: remote
Threat Level: 8/10
Description: Multiple memory corruptions, buffer overflow, code execution.
Affected: ADOBE: Shockwave Player 11.5
CVE: CVE-2011-2129
 CVE-2011-2127 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2117, CVE-2011-2124, and CVE-2011-2128.)
 CVE-2011-2126 (Buffer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2125 (Buffer overflow in Dirapix.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2124 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2117, CVE-2011-2127, and CVE-2011-2128.)
 CVE-2011-2123 (Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code via a crafted subrecord in a DEMX chunk, which triggers a heap-based buffer overflow.)
 CVE-2011-2122 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to rcsL substructures, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2119.)
 CVE-2011-2121 (Integer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2120 (Integer overflow in the CursorAsset x32 component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2119 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2122.)
 CVE-2011-2118 (The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to an "input validation vulnerability.")
 CVE-2011-2117 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128.)
 CVE-2011-2116 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2111 and CVE-2011-2115.)
 CVE-2011-2115 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted tSAC chunk, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2011-2111 and CVE-2011-2116.)
 CVE-2011-2114 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2117, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128.)
 CVE-2011-2113 (Multiple buffer overflows in the Shockwave3DAsset component in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2112 (Multiple buffer overflows in IML32.dll in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2111 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2115 and CVE-2011-2116.)
 CVE-2011-2109 (Multiple integer overflows in Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2108 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to a "design flaw.")
 CVE-2011-0335 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-2119, and CVE-2011-2122.)
 CVE-2011-0320 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.)
 CVE-2011-0319 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.)
 CVE-2011-0318 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.)
 CVE-2011-0317 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.)
Original document: signaladvisory_(at)_gmail.com, [BGA - SignalSEC Advisory]: Adobe Shockwave Player Remote Code Execution (19.06.2011)
 IDEFENSE, iDefense Security Advisory 06.14.11: Adobe Shockwave Cursor Asset tSAC Chunk Integer Overflow Vulnerability (19.06.2011)
 IDEFENSE, iDefense Security Advisory 06.14.11: Adobe Shockwave Font Asset Heap Overflow Vulnerability (19.06.2011)
 IDEFENSE, iDefense Security Advisory 06.14.11: Adobe Shockwave Lingo Script Opcodes Integer Signedness Vulnerability (19.06.2011)
 ZDI, ZDI-11-200: Adobe Shockwave AudioMixer Structure Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-205: Adobe Shockwave Missing Lctx Chunk Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-206: Adobe Shockwave GIF Decompression Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-211: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk 0xFFFFFF49 Field Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-221: Adobe Shockwave Shockwave 3d Asset.x32 DEMX 0xFFFFFF45 Field Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, TPTI-11-07: Adobe Shockwave iml32.dll CSWV Chunk Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-204: Adobe Shockwave TextXtra Text Element Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-207: Adobe Shockwave tSAC Chunk String Termination Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-210: Adobe Shockwave rcsL Chunk Parsing Misallocation Remote Code Execution Vulnerability (19.06.2011)
 ZDI, TPTI-11-08: Adobe Shockwave iml32.dll DEMX Chunk GIF Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, TPTI-11-11: Adobe Shockwave Lnam Chunk Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-209: Adobe Shockwave rcsL Substructure Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-212: Adobe Shockwave KEY* Chunk Invalid Size Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-213: Adobe Shockwave rcsL Trusted Offset Chunk Processing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-214: Adobe Shockwave CASt Chunk Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-220: Adobe Shockwave Director File rcsL Chunk Multiple Opcode Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-201: Adobe Shockwave Cursor Structure Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-202: Adobe Shockwave rcsL String Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-208: Adobe Shockwave rcsL Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, TPTI-11-10: Adobe Shockwave dirapi.dll rcsL Chunk Parsing Remote Code Execution Vulnerability (19.06.2011)
 IDEFENSE, iDefense Security Advisory 06.14.11: Adobe Shockwave 3D Asset DEMX Integer Overflow Vulnerability (19.06.2011)
 ZDI-11-222: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk Substructure Count Remote Code Execution Vulnerability (17.06.2011)
 ZDI, ZDI-11-203: Adobe Shockwave xtcL Chunk Parsing Integer Overflow Remote Code Execution Vulnerability (17.06.2011)
 ZDI, ZDI-11-216: Adobe Shockwave rcsL Chunk 16-bit Field Parsing Remote Code Execution Vulnerability (17.06.2011)
 ZDI, ZDI-11-217: Adobe Shockwave Font Structure Parsing Remote Code Execution Vulnerability (17.06.2011)
 ZDI, ZDI-11-215: Adobe Shockwave DEMX Chunk Multiple Field Parsing Remote Code Execution Vulnerability (17.06.2011)
Files: Security update available for Adobe Shockwave Player

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod