Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities (Aug 2011). Multiple flaws caused by memory corruptions errors in the IML32.dll, Dirapi.dll, Textra.x32, and msvcr90.dll component when processing malformed '.dir' media file. Successful exploitation can allow attackers to cause Denial of Service or execute arbitrary code by tricking a user into visiting a specially crafted web page. Upgrade to Adobe Shockwave Player version 11.6.1.629 or later
Reporter | Title | Published | Views | Family All 34 |
---|---|---|---|---|
![]() | Shockwave Player < 11.6.1.629 Multiple Memory Corruption Vulnerabilities (APSB11-19) | 12 Aug 201100:00 | – | nessus |
![]() | Adobe Shockwave Player <= 11.6.0.626 Multiple Memory Corruption Vulnerabilities (APSB11-19) (Mac OS X) | 22 Dec 201400:00 | – | nessus |
![]() | Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Mac OS X | 29 Aug 201100:00 | – | openvas |
![]() | Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Aug 2011 | 29 Aug 201100:00 | – | openvas |
![]() | Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities (Mac OS X) | 29 Aug 201100:00 | – | openvas |
![]() | Adobe Shockwave Player multiple security vulnerabilities | 17 Aug 201100:00 | – | securityvulns |
![]() | CVE-2010-4308 | 11 Aug 201122:55 | – | cve |
![]() | CVE-2010-4309 | 11 Aug 201122:55 | – | cve |
![]() | CVE-2011-2423 | 11 Aug 201122:55 | – | cve |
![]() | CVE-2011-2419 | 11 Aug 201122:55 | – | cve |
Source | Link |
---|---|
secunia | www.secunia.com/advisories/45584 |
adobe | www.adobe.com/support/security/bulletins/apsb11-19.html |
securityfocus | www.securityfocus.com/bid/49102 |
# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.902617");
script_version("2024-02-20T05:05:48+0000");
script_tag(name:"last_modification", value:"2024-02-20 05:05:48 +0000 (Tue, 20 Feb 2024)");
script_tag(name:"creation_date", value:"2011-08-29 16:22:41 +0200 (Mon, 29 Aug 2011)");
script_cve_id("CVE-2010-4308", "CVE-2010-4309", "CVE-2011-2419", "CVE-2011-2420",
"CVE-2011-2421", "CVE-2011-2422", "CVE-2011-2423");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities (Aug 2011)");
script_xref(name:"URL", value:"http://secunia.com/advisories/45584");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49102");
script_xref(name:"URL", value:"http://www.adobe.com/support/security/bulletins/apsb11-19.html");
script_tag(name:"qod_type", value:"registry");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2011 Greenbone AG");
script_family("General");
script_dependencies("secpod_adobe_shockwave_player_detect.nasl");
script_mandatory_keys("Adobe/ShockwavePlayer/Ver");
script_tag(name:"impact", value:"Successful exploitation will allow attackers to cause Denial of Service or
execute arbitrary code by tricking a user into visiting a specially crafted
web page.");
script_tag(name:"affected", value:"Adobe Shockwave Player Versions prior to 11.6.1.629 on Windows.");
script_tag(name:"insight", value:"Multiple flaws are caused by memory corruptions errors in the IML32.dll,
Dirapi.dll, Textra.x32 and msvcr90.dll component when processing malformed
'.dir' media file.");
script_tag(name:"solution", value:"Upgrade to Adobe Shockwave Player version 11.6.1.629 or later.");
script_tag(name:"summary", value:"Adobe Shockwave Player is prone to multiple remote code execution vulnerabilities.");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("version_func.inc");
shockVer = get_kb_item("Adobe/ShockwavePlayer/Ver");
if(!shockVer){
exit(0);
}
if(version_is_less(version:shockVer, test_version:"11.6.1.629")){
report = report_fixed_ver(installed_version:shockVer, fixed_version:"11.6.1.629");
security_message(port: 0, data: report);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo