Computer Security
[EN] securityvulns.ru no-pyccku


Adobe Shockwave multiple security vulnerabilities
updated since 01.11.2010
Published:02.11.2010
Source:
SecurityVulns ID:11222
Type:client
Threat Level:
8/10
Description:Multiple memory corruptions.
Affected:ADOBE : Shockwave Player 11.5
CVE:CVE-2010-4089 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file containing "duplicated LCSM entries in mmap record," a different vulnerability than CVE-2010-4087.)
 CVE-2010-4088 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with "duplicated references to the same KEY* chunk," a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4086.)
 CVE-2010-4087 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with a crafted mmap record containing an invalid length of a VSWV entry, a different vulnerability than CVE-2010-4089.)
 CVE-2010-4086 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Director (.dir) media file with an invalid element size, a different vulnerability than CVE-2010-2581, CVE-2010-2880, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4088.)
 CVE-2010-2582 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2010-2581 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088.)
Original documentdocumentRodrigo Branco, Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4089 (02.11.2010)
 documentRodrigo Branco, Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4087 (02.11.2010)
 documentRodrigo Branco, Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4088 (02.11.2010)
 documentRodrigo Branco, Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4086 (02.11.2010)
 documentSECUNIA, Secunia Research: Adobe Shockwave Player "DEMX" Chunk Parsing Vulnerability (01.11.2010)
 documentSECUNIA, Secunia Research: Adobe Shockwave Player "pamm" Chunk Parsing Vulnerability (01.11.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod