Adobe Shockwave contains multiple memory corruption vulnerabilities


### Overview Adobe Shockwave Player and earlier versions on the Windows and Macintosh operating systems contain critical vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. ### Description Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe Director. Shockwave Player is available as an ActiveX control for Internet Explorer and as a plug-in for other web browsers. Multiple vulnerabilities have been discovered in Shockwave Player and its Xtra components that can be exploited by an attacker to execute arbitrary code on a user's system. More details are available in Adobe Security Bulletin [APSB11-01](<http://www.adobe.com/support/security/bulletins/apsb11-01.html>). --- ### Impact By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), Microsoft Office document, or any other document that supports embedded Shockwave content, an attacker may be able to execute arbitrary code --- ### Solution **Apply an update** These issues have been addressed in Adobe Shockwave Player Please see Adobe Security Bulletin [APSB11-01](<http://www.adobe.com/support/security/bulletins/apsb11-01.html>) for more details. --- **Limit access to Director files** Restricting the handling of untrusted Director content may help mitigate this vulnerability. See [Securing Your Web Browser](<http://www.us-cert.gov/reading_room/securing_browser/>) for more information. Consider using the [NoScript ](<http://noscript.net/>)extension to whitelist web sites that can run Shockwave Player in Mozilla browsers such as Firefox. See the NoScript [FAQ ](<http://noscript.net/features#contentblocking>)for more information. **Disable the Shockwave Player ActiveX control in Internet Explorer** The Shockwave Player ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSIDs: `{166B1BCA-3F9C-11CF-8075-444553540000}` `{233C1507-6A77-46A4-9443-F871F945D258}` Alternatively, the following text can be saved as a .REG file and imported to set the kill bit for this control: `Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{166B1BCA-3F9C-11CF-8075-444553540000}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{166B1BCA-3F9C-11CF-8075-444553540000}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{233C1507-6A77-46A4-9443-F871F945D258}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{233C1507-6A77-46A4-9443-F871F945D258}] "Compatibility Flags"=dword:00000400` More information about how to set the kill bit is available in [Microsoft Support Document 240797](<http://support.microsoft.com/kb/240797>). --- ### Vendor Information 189929 Filter by status: All Affected Not Affected Unknown Filter by content: __ Additional information available __ Sort by: Status Alphabetical Expand all **Javascript is disabled. Click here to view vendors.** ### Adobe Unknown Notified: October 27, 2010 Updated: October 27, 2010 ### Status Unknown ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information We are not aware of further vendor information regarding this vulnerability. ### CVSS Metrics Group | Score | Vector ---|---|--- Base | 9 | AV:N/AC:M/Au:N/C:C/I:C/A:P Temporal | 7 | E:POC/RL:OF/RC:C Environmental | 7 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND ### References <http://www.adobe.com/support/security/bulletins/apsb11-01.html> ### Acknowledgements These vulnerabilities were reported by Will Dormann of the CERT/CC. This document was written by Will Dormann. ### Other Information **CVE IDs:** | [CVE-2010-4093](<http://web.nvd.nist.gov/vuln/detail/CVE-2010-4093>), [CVE-2010-4193](<http://web.nvd.nist.gov/vuln/detail/CVE-2010-4193>), [CVE-2010-4194](<http://web.nvd.nist.gov/vuln/detail/CVE-2010-4194>), [CVE-2010-4195](<http://web.nvd.nist.gov/vuln/detail/CVE-2010-4195>), [CVE-2010-4196](<http://web.nvd.nist.gov/vuln/detail/CVE-2010-4196>) ---|--- **Severity Metric:** | 7.65 **Date Public:** | 2011-02-08 **Date First Published:** | 2011-02-11 **Date Last Updated: ** | 2012-03-28 15:21 UTC **Document Revision: ** | 11