Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4086

Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ Memory corruption when Adobe Shockwave Player parses .dir media file...

Memory corruption

dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4086, and CVE-2010-4088...

CVE-2010-4086

CVE-2010-4086 affects Adobe Shockwave Player prior to 11.5.9.615. The vulnerability resides in the dirapi.dll component and is triggered by a crafted Director (.dir) media file with an invalid element size, leading to arbitrary code execution or memory corruption (also described as potential DoS)...

Shockwave Player < 11.5.9.615

The remote Windows host contains a version of Adobe's Shockwave Player that is earlier than 11.5.9.615. Such versions are potentially affected by the following issues : - A memory corruption issue exists that could lead to code execution. Note that there are reports this issue is being exploited ...