VUPEN Security Research - Adobe Shockwave DIRAPI Lctx Chunck Memory
Corruption Vulnerability (APSB11-01)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Over 450 million Internet-enabled desktops have installed Adobe Shockwave
Player. These people now have access to some of the best the Web has to
offer
including dazzling 3D games and entertainment, interactive product
demonstrations, and online learning applications. Shockwave Player displays
Web content that has been created by Adobe Director." from Adobe.com
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Shockwave.
The vulnerability is caused by a memory corruption error in the "DIRAPI.dll"
module when processing the "LCTX" chunk within a Director File, which could
be exploited by remote attackers to execute arbitrary code by tricking a
user into visiting a malicious web page.
CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
III. AFFECTED PRODUCTS
---------------------------
Adobe Shockwave Player version 11.5.9.615 and prior
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :
http://www.vupen.com/english/services/ba-index.php
V. VUPEN Threat Protection Program
-----------------------------------
To proactively protect critical networks and infrastructures against
unpatched
vulnerabilities and reduce risks related to zero-day attacks, VUPEN shares
its
vulnerability research with governments and organizations members of the
VUPEN
Threat Protection Program (TPP).
VUPEN TPP customers receive fully detailed and technical reports about
security
vulnerabilities discovered by VUPEN and in advance of their public
disclosure.
VUPEN TPP customers have been protected against this vulnerability 9 months
before the release of the Adobe patch.
http://www.vupen.com/english/services/tpp-index.php
VI. SOLUTION
----------------
Upgrade to Adobe Shockwave Player version 11.5.9.620.
VII. CREDIT
--------------
This vulnerability was discovered by Chaouki Bekrar of VUPEN Security
VIII. ABOUT VUPEN Security
---------------------------
VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.
Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.
* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php
* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php
* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php
* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php
IX. REFERENCES
----------------------
http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0335
http://www.adobe.com/support/security/bulletins/apsb11-01.html
X. DISCLOSURE TIMELINE
-----------------------------
2010-05-15 - Vulnerability Discovered by VUPEN
2010-05-17 - VUPEN TPP customers informed
2010-xx-xx - Vulnerability rediscovered by third parties
2011-02-08 - Adobe security update released
{"id": "SECURITYVULNS:DOC:25700", "bulletinFamily": "software", "title": "VUPEN Security Research - Adobe Shockwave DIRAPI LCTX Chunck Memory Corruption Vulnerability (APSB11-01)", "description": "VUPEN Security Research - Adobe Shockwave DIRAPI Lctx Chunck Memory \r\nCorruption Vulnerability (APSB11-01)\r\n\r\nhttp://www.vupen.com/english/research.php\r\n\r\n\r\nI. BACKGROUND\r\n---------------------\r\n\r\n"Over 450 million Internet-enabled desktops have installed Adobe Shockwave\r\nPlayer. These people now have access to some of the best the Web has to \r\noffer\r\nincluding dazzling 3D games and entertainment, interactive product\r\ndemonstrations, and online learning applications. Shockwave Player displays\r\nWeb content that has been created by Adobe Director." from Adobe.com\r\n\r\n\r\nII. DESCRIPTION\r\n---------------------\r\n\r\nVUPEN Vulnerability Research Team discovered a critical vulnerability\r\nin Adobe Shockwave.\r\n\r\nThe vulnerability is caused by a memory corruption error in the "DIRAPI.dll"\r\nmodule when processing the "LCTX" chunk within a Director File, which could\r\nbe exploited by remote attackers to execute arbitrary code by tricking a\r\nuser into visiting a malicious web page.\r\n\r\nCVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\r\n\r\n\r\nIII. AFFECTED PRODUCTS\r\n---------------------------\r\n\r\nAdobe Shockwave Player version 11.5.9.615 and prior\r\n\r\n\r\nIV. Binary Analysis & Exploits/PoCs\r\n---------------------------------------\r\n\r\nIn-depth binary analysis of the vulnerability and a code execution exploit\r\nare available through the VUPEN Binary Analysis & Exploits Service :\r\n\r\nhttp://www.vupen.com/english/services/ba-index.php\r\n\r\n\r\nV. VUPEN Threat Protection Program\r\n-----------------------------------\r\n\r\nTo proactively protect critical networks and infrastructures against \r\nunpatched\r\nvulnerabilities and reduce risks related to zero-day attacks, VUPEN shares \r\nits\r\nvulnerability research with governments and organizations members of the \r\nVUPEN\r\nThreat Protection Program (TPP).\r\n\r\nVUPEN TPP customers receive fully detailed and technical reports about \r\nsecurity\r\nvulnerabilities discovered by VUPEN and in advance of their public \r\ndisclosure.\r\n\r\nVUPEN TPP customers have been protected against this vulnerability 9 months\r\nbefore the release of the Adobe patch.\r\n\r\nhttp://www.vupen.com/english/services/tpp-index.php\r\n\r\n\r\nVI. SOLUTION\r\n----------------\r\n\r\nUpgrade to Adobe Shockwave Player version 11.5.9.620.\r\n\r\n\r\nVII. CREDIT\r\n--------------\r\n\r\nThis vulnerability was discovered by Chaouki Bekrar of VUPEN Security\r\n\r\n\r\nVIII. ABOUT VUPEN Security\r\n---------------------------\r\n\r\nVUPEN is a leading IT security research company providing vulnerability\r\nmanagement and security intelligence solutions which enable enterprises\r\nand institutions to eliminate vulnerabilities before they can be exploited,\r\nensure security policy compliance and meaningfully measure and manage risks.\r\n\r\nGovernmental and federal agencies, and global enterprises in the financial\r\nservices, insurance, manufacturing and technology industries rely on VUPEN\r\nto improve their security, prioritize resources, cut time and costs, and\r\nstay ahead of the latest threats.\r\n\r\n* VUPEN Vulnerability Notification Service (VNS) :\r\nhttp://www.vupen.com/english/services/vns-index.php\r\n\r\n* VUPEN Binary Analysis & Exploits Service (BAE) :\r\nhttp://www.vupen.com/english/services/ba-index.php\r\n\r\n* VUPEN Threat Protection Program for Govs (TPP) :\r\nhttp://www.vupen.com/english/services/tpp-index.php\r\n\r\n* VUPEN Web Application Security Scanner (WASS) :\r\nhttp://www.vupen.com/english/services/wass-index.php\r\n\r\n\r\nIX. REFERENCES\r\n----------------------\r\n\r\nhttp://www.vupen.com/english/research-vuln.php\r\nhttp://www.vupen.com/english/advisories/2011/0335\r\nhttp://www.adobe.com/support/security/bulletins/apsb11-01.html\r\n\r\n\r\nX. DISCLOSURE TIMELINE\r\n-----------------------------\r\n\r\n2010-05-15 - Vulnerability Discovered by VUPEN\r\n2010-05-17 - VUPEN TPP customers informed\r\n2010-xx-xx - Vulnerability rediscovered by third parties\r\n2011-02-08 - Adobe security update released\r\n", "published": "2011-02-14T00:00:00", "modified": "2011-02-14T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25700", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:39", "edition": 1, "viewCount": 16, "enchantments": {"score": {"value": 2.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11417"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11417"]}]}, "exploitation": null, "vulnersScore": 2.0}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645388442}}