Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.SHOCKWAVE_PLAYER_APSB11-01.NASL
HistoryFeb 10, 2011 - 12:00 a.m.

Shockwave Player < 11.5.9.620 (APSB11-01)

2011-02-1000:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
11
JSON

The remote Windows host contains a version of Adobe’s Shockwave Player that is earlier than 11.5.9.620. Such versions are potentially affected by the following issues :

  • Several unspecified errors exist in the ‘dirapi.dll’ module that may allow arbitrary code execution. (CVE-2010-2587, CVE-2010-2588, CVE-2010-4188)

  • An error exists in the ‘dirapi.dll’ module related to an integer overflow and that may allow arbitrary code execution. (CVE-2010-2589)

  • It is reported that a use-after-free error exists in an unspecified compatibility component related to the ‘Settings’ window and an unloaded, unspecified library. This error is reported to allow arbitrary code execution when a crafted, malicious website is visited. (CVE-2010-4092)

  • Unspecified errors exist that may allow arbitrary code execution or memory corruption. The attack vectors is unspecified. (CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, CVE-2010-4306, CVE-2011-0555)

  • An input validation error exists in the ‘IML32’ module that may allow arbitrary code execution when processing global color table size of a GIF image contained in a Director movie. (CVE-2010-4189)

  • An unspecified input validation error exists that may allow arbitrary code execution through unspecified vectors. (CVE-2010-4193)

  • An unspecified input validation error exists in the ‘dirapi.dll’ module that may allow arbitrary code execution through unspecified vectors. (CVE-2010-4194)

  • An integer overflow error exists in the ‘3D Assets’ module when parsing 3D assets containing the record type ‘0xFFFFFF45’. This error may allow arbitrary code execution. (CVE-2010-4196)

  • An input validation error exists in the ‘DEMUX’ chunks parsing portion of the ‘TextXtra.x32’ module. This error may allow arbitrary code execution. (CVE-2010-4195)

  • An unspecified buffer overflow error exists that may allow arbitrary code execution through unspecified vectors. (CVE-2010-4307)

  • An error exists in the ‘PFR1’ chunks parsing portion of the ‘Font Xtra.x32’ module. This error may allow arbitrary code execution. (CVE-2011-0556)

  • An unspecified integer overflow error exists that may allow arbitrary code execution through unspecified vectors.(CVE-2011-0557)

  • An error exists in the ‘Font Xtra.x32’ module related to signedness that may allow arbitrary code execution.
    (CVE-2011-0569)

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(51936);
  script_version("1.13");
  script_cvs_date("Date: 2018/07/27 18:38:15");

  script_cve_id(
    "CVE-2010-2587", "CVE-2010-2588", "CVE-2010-2589", "CVE-2010-4092", 
    "CVE-2010-4093", "CVE-2010-4187", "CVE-2010-4188", "CVE-2010-4189",
    "CVE-2010-4190", "CVE-2010-4191", "CVE-2010-4192", "CVE-2010-4193",
    "CVE-2010-4194", "CVE-2010-4195", "CVE-2010-4196", "CVE-2010-4306",
    "CVE-2010-4307", "CVE-2011-0555", "CVE-2011-0556", "CVE-2011-0557",
    "CVE-2011-0569");
  script_bugtraq_id(
    44617, 
    46316,
    46317,
    46318,
    46319,
    46320,
    46321,
    46324,
    46325,
    46326,
    46327,
    46328,
    46329,
    46330,
    46332,
    46333,
    46334,
    46335,
    46336,
    46338,
    46339
  );
  script_xref(name:"Secunia", value:"42112");

  script_name(english:"Shockwave Player < 11.5.9.620 (APSB11-01)");
  script_summary(english:"Checks version of Shockwave Player");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser plugin that is
affected by multiple vulnerabilities.");

  script_set_attribute(attribute:"description", value:
"The remote Windows host contains a version of Adobe's Shockwave
Player that is earlier than 11.5.9.620.  Such versions are potentially
affected by the following issues :

  - Several unspecified errors exist in the 'dirapi.dll' 
    module that may allow arbitrary code execution. 
    (CVE-2010-2587, CVE-2010-2588, CVE-2010-4188)

  - An error exists in the 'dirapi.dll' module related to 
    an integer overflow and that may allow arbitrary code
    execution. (CVE-2010-2589)

  - It is reported that a use-after-free error exists in an
    unspecified compatibility component related to the 
    'Settings' window and an unloaded, unspecified library. 
    This error is reported to allow arbitrary code execution 
    when a crafted, malicious website is visited. 
    (CVE-2010-4092)

  - Unspecified errors exist that may allow arbitrary 
    code execution or memory corruption. The attack vectors
    is unspecified. (CVE-2010-4093, CVE-2010-4187, 
    CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, 
    CVE-2010-4306, CVE-2011-0555)

  - An input validation error exists in the 'IML32' module
    that may allow arbitrary code execution when processing 
    global color table size of a GIF image contained in a 
    Director movie. (CVE-2010-4189)

  - An unspecified input validation error exists that may
    allow arbitrary code execution through unspecified
    vectors. (CVE-2010-4193)

  - An unspecified input validation error exists in the 
    'dirapi.dll' module that may allow arbitrary code 
    execution through unspecified vectors. (CVE-2010-4194)

  - An integer overflow error exists in the '3D Assets'
    module when parsing 3D assets containing the record
    type '0xFFFFFF45'. This error may allow arbitrary code
    execution. (CVE-2010-4196)

  - An input validation error exists in the 'DEMUX' chunks 
    parsing portion of the 'TextXtra.x32' module. This
    error may allow arbitrary code execution. 
    (CVE-2010-4195)

  - An unspecified buffer overflow error exists that may
    allow arbitrary code execution through unspecified
    vectors. (CVE-2010-4307)

  - An error exists in the 'PFR1' chunks parsing portion
    of the 'Font Xtra.x32' module. This error may allow
    arbitrary code execution. (CVE-2011-0556)

  - An unspecified integer overflow error exists that may
    allow arbitrary code execution through unspecified
    vectors.(CVE-2011-0557)

  - An error exists in the 'Font Xtra.x32' module related
    to signedness that may allow arbitrary code execution.
    (CVE-2011-0569)");

  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-11-078/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-11-079/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-11-080/");
  script_set_attribute(attribute:"see_also", value:"http://www.adobe.com/support/security/bulletins/apsb11-01.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to Adobe Shockwave 11.5.9.620 or later.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/02/10");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:shockwave_player");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("shockwave_player_apsb09_08.nasl");
  script_require_keys("SMB/shockwave_player");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("smb_func.inc");

port = kb_smb_transport();
installs = get_kb_list('SMB/shockwave_player/*/path');
if (isnull(installs)) exit(0, 'Shockwave Player was not detected on the remote host.');

info = NULL;
pattern = 'SMB/shockwave_player/([^/]+)/([^/]+)/path';

foreach install (keys(installs))
{
  match = eregmatch(string:install, pattern:pattern);
  if (!match) exit(1, 'Unexpected format of KB key "' + install + '".');

  file = installs[install];
  variant = match[1];
  version = match[2];

  if (ver_compare(ver:version, fix:'11.5.9.620') == -1)
  {
    if (variant == 'Plugin')
      info += '\n  - Browser Plugin (for Firefox / Netscape / Opera) :\n';
    else if (variant == 'ActiveX')
      info += '\n  - ActiveX control (for Internet Explorer) :\n';
    info += '    ' + file + ', ' + version + '\n';
  }
}

if (!info) exit(0, 'No vulnerable installs of Shockwave Player were found.');

if (report_verbosity > 0)
{
  if (max_index(split(info)) > 2) s = "s";
  else s = "";

  report = 
    '\nNessus has identified the following vulnerable instance'+s+' of Shockwave'+
    '\nPlayer installed on the remote host :\n'+
    info;
  security_hole(port:port, extra:report);
}
else security_hole(port);
VendorProductVersionCPE
adobeshockwave_playercpe:/a:adobe:shockwave_player

References

Related

openvas 4
securityvulns 11
nessus 1
prion 21
cve 21
cert 1
zdi 3
checkpoint_advisories 2
openvas
openvas
Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011
2011-02-15 00:00:00
Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities (Feb 2011)
2011-02-15 00:00:00
Adobe Shockwave Player Use-After-Free Vulnerability
2010-11-12 00:00:00
securityvulns
securityvulns
Adobe Shockwave Player multiple security vulnerabilities
2011-02-14 00:00:00
Security update available for Shockwave Player
2011-02-11 00:00:00
ZDI-11-079: Adobe Shockwave Player 0xFFFFFF45 Record Count Element Remote Code Execution Vulnerability
2011-02-11 00:00:00
nessus
nessus
Adobe Shockwave Player <= 11.5.9.615 (APSB11-01) (Mac OS X)
2014-12-22 00:00:00
prion
prion
Memory corruption
2011-02-10 16:00:00
Memory corruption
2011-02-10 16:00:00
Memory corruption
2011-02-10 16:00:00
cve
cve
CVE-2010-4187
2011-02-10 16:00:00
CVE-2010-4191
2011-02-10 16:00:00
CVE-2011-0555
2011-02-10 16:00:00
cert
cert
Adobe Shockwave 11.5.9.615 contains multiple memory corruption vulnerabilities
2011-02-11 00:00:00
zdi
zdi
Adobe Shockwave Player 0xFFFFFF45 Record Count Element Remote Code Execution Vulnerability
2011-02-08 00:00:00
Adobe Shockwave CSWV Chunk Substructure Offset Value Remote Code Execution Vulnerability
2011-02-08 00:00:00
Adobe Shockwave Player FFFFFF88 Record Count Element Remote Code Execution Vulnerability
2011-02-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Shockwave Player Director File FFFFFF88 Record Integer Overflow (CVE-2010-2876; CVE-2010-4192)
2010-10-04 00:00:00
Preemptive Protection against Adobe Shockwave Player Director File FFFFFF88 Record Parsing Remote Code Execution Vulnerabilities (APSB11-01)
2011-04-27 00:00:00
JSON
Related for SHOCKWAVE_PLAYER_APSB11-01.NASL
openvas4securityvulns11nessus1prion21cve21cert1zdi3checkpoint_advisories2