Adobe Plugs Several Buffer Overflow Holes in Shockwave Player

ID THREATPOST:F7E5F427970829F6067BA7131924081A
Type threatpost
Reporter Michael Mimoso
Modified 2013-04-17T16:31:20


Adobe announced today it has repaired a host of critical buffer overflow vulnerabilities and an array out of bounds vulnerability in Shockwave Player and urges users to update to the latest version of the software, version

The company said it is not aware of active exploits. Both the Windows and MacOS versions of Shockwave Player are vulnerable.

Details on the buffer overflow flaws will be available in CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, CVE-2012-5273 and the array out of bounds vulnerability in CVE-2012-4176. MITRE Corp., which manages the CVE list, has yet to update those entries.

The security of Adobe products has been under the microscope the last four weeks. Most recently, Adobe upgraded its Reader and Acrobat products with enhancements to its sandbox functionality and a new feature that forces any DLL loaded by either application to use Address Space Layout Randomization (ASLR).

Adobe introduced sandboxing in Reader version X; sandboxing is meant to keep malware from using a vulnerability in Reader to infect the operating system or other applications on a computer. The new capabilities prevent read-only requests on the machine; the theory is that this protects personal data stored on the machine.

In late September, Adobe disclosed that it had been attacked and hackers were using a valid Adobe certificate to sign two malicious utilities used most often in targeted attacks. Adobe revoked the certificate Oct. 4.

Adobe said attackers had penetrated a build server with access to the Adobe code signing infrastructure.

Adobe software signed with the certificate after July 10 for Windows machines, as well as three Adobe AIR applications running on Windows and MacOS, were affected.

The two utilities in question are pwdump7 v7.1, which extracts password hashes from Windows and sometimes links the OpenSSL library libeay32.dll, and myGeeksmail.dll, a malicious ISAPI filter that runs on the Microsoft Web server software IIS. ISAPI can be used to modify IIS’ functionality.