Lucene search

K

Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities (Aug 2011)

🗓️ 29 Aug 2011 00:00:00Reported by Copyright (C) 2011 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 19 Views

Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities (Aug 2011). Multiple flaws caused by memory corruptions errors in the IML32.dll, Dirapi.dll, Textra.x32, and msvcr90.dll component when processing malformed '.dir' media file. Successful exploitation can allow attackers to cause Denial of Service or execute arbitrary code by tricking a user into visiting a specially crafted web page. Upgrade to Adobe Shockwave Player version 11.6.1.629 or later

Show more
Related
Refs
Code
# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.902617");
  script_version("2024-02-20T05:05:48+0000");
  script_tag(name:"last_modification", value:"2024-02-20 05:05:48 +0000 (Tue, 20 Feb 2024)");
  script_tag(name:"creation_date", value:"2011-08-29 16:22:41 +0200 (Mon, 29 Aug 2011)");
  script_cve_id("CVE-2010-4308", "CVE-2010-4309", "CVE-2011-2419", "CVE-2011-2420",
                "CVE-2011-2421", "CVE-2011-2422", "CVE-2011-2423");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_name("Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities (Aug 2011)");
  script_xref(name:"URL", value:"http://secunia.com/advisories/45584");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49102");
  script_xref(name:"URL", value:"http://www.adobe.com/support/security/bulletins/apsb11-19.html");

  script_tag(name:"qod_type", value:"registry");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone AG");
  script_family("General");
  script_dependencies("secpod_adobe_shockwave_player_detect.nasl");
  script_mandatory_keys("Adobe/ShockwavePlayer/Ver");
  script_tag(name:"impact", value:"Successful exploitation will allow attackers to cause Denial of Service or
  execute arbitrary code by tricking a user into visiting a specially crafted
  web page.");
  script_tag(name:"affected", value:"Adobe Shockwave Player Versions prior to 11.6.1.629 on Windows.");
  script_tag(name:"insight", value:"Multiple flaws are caused by memory corruptions errors in the IML32.dll,
  Dirapi.dll, Textra.x32 and msvcr90.dll component when processing malformed
  '.dir' media file.");
  script_tag(name:"solution", value:"Upgrade to Adobe Shockwave Player version 11.6.1.629 or later.");
  script_tag(name:"summary", value:"Adobe Shockwave Player is prone to multiple remote code execution vulnerabilities.");

  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("version_func.inc");

shockVer = get_kb_item("Adobe/ShockwavePlayer/Ver");
if(!shockVer){
  exit(0);
}

if(version_is_less(version:shockVer, test_version:"11.6.1.629")){
  report = report_fixed_ver(installed_version:shockVer, fixed_version:"11.6.1.629");
  security_message(port: 0, data: report);
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo