Release Date | Jul 28, 2011 |
Severity | Critical |
Impact | This vulnerability allows remote attackers to execute arbitrary code under the context of the user running the browser or cause a denial of service (application crash). |
Description | Adobe Shockwave (formerly Macromedia Shockwave) is a multimedia platform used to add animation and interactivity to web pages. It allows Adobe Director applications to be published on the Internet and viewed in a web browser on any computer that has the Shockwave plug-in installed. Critical vulnerabilities have been identified in the code that parses Adobe Director files in Adobe Shockwave Player on the Windows and Macintosh operating systems, in how the application handles malicious tag length values. When the application parses a RIFF chunk, it does not check the offset value and seeks into the file data directly. If the offset is malformed, the process can be given an incorrect pointer and operate on the data at its location. Adobe recommends that users of Adobe Shockwave Player 11.5.6.606 and earlier versions update to Adobe Shockwave Player 11.5.7.609. |
Affected Products | Adobe Shockwave Player before 11.5.7.609 |
Recommended Actions | Update to the latest version at http://get.adobe.com/shockwave/ |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2010-1292 |
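
The Description attributes the flaw to a chunk offset and tag length that are used without validation. The following added example (not Adobe's code and not part of the original advisory) shows the missing checks on a generic RIFF-style chunk header; the function name `chunk_payload`, the 8-byte tag-plus-length header layout and the constructed `SAMPLE` buffer are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: "RIFF" <size=16> "TEST", then chunk "data" <len=4> "ABCD". */
static const uint8_t SAMPLE[24] = {
    'R','I','F','F', 16,0,0,0, 'T','E','S','T',
    'd','a','t','a',  4,0,0,0, 'A','B','C','D'
};

/* RIFF stores integers little-endian. */
static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Return a pointer to the payload of the chunk whose header (4-byte tag,
 * 4-byte length) starts at `offset`, or NULL when the offset or the declared
 * length would take the parser outside the buffer. */
const uint8_t *chunk_payload(const uint8_t *buf, size_t buf_len,
                             uint32_t offset, uint32_t *out_len) {
    if (buf == NULL || out_len == NULL)
        return NULL;
    /* Offset check: the whole 8-byte header must lie inside the buffer.
     * Written as a subtraction so offset + 8 can never wrap around. */
    if (buf_len < 8 || offset > buf_len - 8)
        return NULL;
    /* Length check: the declared size must fit in what remains after the header. */
    uint32_t len = rd_le32(buf + offset + 4);
    size_t remaining = buf_len - offset - 8;
    if (len > remaining)
        return NULL;
    *out_len = len;
    return buf + offset + 8;
}

int main(void) {
    uint32_t len = 0;
    const uint8_t *p = chunk_payload(SAMPLE, sizeof SAMPLE, 12, &len);
    printf("valid offset 12: %s (len=%u)\n", p ? "accepted" : "rejected", (unsigned)len);
    p = chunk_payload(SAMPLE, sizeof SAMPLE, 0xFFFFFFF0u, &len);
    printf("malformed offset: %s\n", p ? "accepted" : "rejected");
    p = chunk_payload(SAMPLE, sizeof SAMPLE, 16, &len);
    printf("malformed length: %s\n", p ? "accepted" : "rejected");
    return 0;
}
```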