Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiLuigi AuriemmaZDI-11-209
HistoryJun 14, 2011 - 12:00 a.m.

Adobe Shockwave rcsL Substructure Parsing Remote Code Execution Vulnerability

2011-06-1400:00:00
Luigi Auriemma
www.zerodayinitiative.com
15

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.112 Low

EPSS

Percentile

95.1%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rcsL chunk inside Adobe’s RIFF-based Director file format. The code within the Dirapi.dll is affected by an integer wrap caused by the size value being calculated from the difference of two pointers without checking if the first is above the other and resulting in endless copying. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

Related

zdi 3
securityvulns 8
prion 7
cve 7
cvelist 5
openvas 2
nessus 2
zdi
zdi
Adobe Shockwave Missing Lctx Chunk Remote Code Execution Vulnerability
2011-06-14 00:00:00
Adobe Shockwave Director File rcsL Chunk Multiple Opcode Parsing Remote Code Execution Vulnerability
2011-06-15 00:00:00
Adobe Shockwave rcsL Chunk 16-bit Field Parsing Remote Code Execution Vulnerability
2011-06-14 00:00:00
securityvulns
securityvulns
iDefense Security Advisory 06.14.11: Adobe Shockwave Lingo Script Opcodes Integer Signedness Vulnerability
2011-06-19 00:00:00
TPTI-11-10: Adobe Shockwave dirapi.dll rcsL Chunk Parsing Remote Code Execution Vulnerability
2011-06-19 00:00:00
ZDI-11-205: Adobe Shockwave Missing Lctx Chunk Remote Code Execution Vulnerability
2011-06-19 00:00:00
prion
prion
Memory corruption
2011-06-16 23:55:00
Memory corruption
2011-06-16 23:55:00
Memory corruption
2011-06-16 23:55:00
cve
cve
CVE-2011-2122
2011-06-16 23:55:00
CVE-2011-0335
2011-06-16 23:55:00
CVE-2011-0318
2011-06-16 23:55:00
cvelist
cvelist
CVE-2011-0318
2011-06-16 23:00:00
CVE-2011-0319
2011-06-16 23:00:00
CVE-2011-0317
2011-06-16 23:00:00
openvas
openvas
Adobe Shockwave Player Multiple Unspecified Vulnerabilities
2011-06-21 00:00:00
Adobe Shockwave Player Multiple Unspecified Vulnerabilities
2011-06-21 00:00:00
nessus
nessus
Adobe Shockwave Player <= 11.5.9.620 (APSB11-17) (Mac OS X)
2014-12-22 00:00:00
Shockwave Player < 11.6.0.626 (APSB11-17)
2011-06-15 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.112 Low

EPSS

Percentile

95.1%

JSON
Related for ZDI-11-209
zdi3securityvulns8prion7cve7cvelist5openvas2nessus2