Fortinet Discovers Multiple Adobe Shockwave Player Vulnerabilities
Summary:
Fortinet's FortiGuard Labs has discovered three vulnerabilities in Adobe Shockwave Player, which can lead to remote code execution and denial of service.
Impact:
Remote code execution and denial of service.
Risk:
Critical
Affected Software:
For a list of affected software, please refer to the Adobe Security Bulletin reference below.
Additional Information:
Two memory corruption vulnerabilities were discovered, each of which is highlighted below:
Memory corruption in "DIRAPI.dll" (CVE-2010-2863)
Memory corruption in "IML32.dll" (CVE-2010-2864)
One denial of service vulnerability was discovered:
Denial of service in "DIRAPI.dll" (CVE-2010-2865)
The vulnerabilities are triggered when opening a malformed ".dir" file that contains an overly long length value in a certain field. For both CVE-2010-2863 and CVE-2010-2864, remote code execution is possible through memory corruption and integer overflow. For CVE-2010-2865, a denial of service occurs when Internet Explorer stops responding.