Detections
Analytics
Shockwave Player < 11.5.7.609 Multiple Vulnerabilities (APSB10-12)
high Nessus Plugin ID 46329
Language:
Synopsis
The remote Windows host contains a web browser plugin that is affected by multiple vulnerabilities.Description
The remote Windows host contains a version of Adobe's Shockwave Player that is earlier than 11.5.7.609. Such versions are affected by the following issues :- Processing specially crafted FFFFFF45h Shockwave 3D blocks can result in memory corruption.
(CVE-2010-0127, CVE-2010-1283)
- A signedness error that can lead to memory corruption when processing specially crafted Director files.
(CVE-2010-0128)
- An array indexing error that can lead to memory corruption when processing specially crafted Director files. (CVE-2010-0129)
- An integer overflow vulnerability that can lead to memory corruption when processing specially crafted Director files. (CVE-2010-0130)
- An unspecified error when processing asset entries in Director files can lead to memory corruption.
(CVE-2010-0986)
- A boundary error when processing embedded fonts from a Directory file can lead to memory corruption.
(CVE-2010-0987)
- An unspecified error when processing Director files can result in memory corruption. (CVE-2010-1280)
- Several unspecified memory corruption vulnerabilities.
(CVE-2010-1281, CVE-2010-1282, CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1288, CVE-2010-1289, CVE-2010-1290, CVE-2010-1291, CVE-2010-1292)
Solution
Upgrade to Adobe Shockwave 11.5.7.609 or later.See Also
https://secuniaresearch.flexerasoftware.com/secunia_research/2010-17/
https://secuniaresearch.flexerasoftware.com/secunia_research/2010-19/
https://secuniaresearch.flexerasoftware.com/secunia_research/2010-20/
https://secuniaresearch.flexerasoftware.com/secunia_research/2010-22/
https://secuniaresearch.flexerasoftware.com/secunia_research/2010-34/
https://secuniaresearch.flexerasoftware.com/secunia_research/2010-50/
http://www.zerodayinitiative.com/advisories/ZDI-10-087/
http://www.zerodayinitiative.com/advisories/ZDI-10-088/
http://www.zerodayinitiative.com/advisories/ZDI-10-089/
http://www.nessus.org/u?19865c37
https://seclists.org/fulldisclosure/2010/May/136
https://seclists.org/fulldisclosure/2010/May/137
https://seclists.org/fulldisclosure/2010/May/138
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php
http://www.coresecurity.com/content/adobe-director-invalid-read
http://www.adobe.com/support/security/bulletins/apsb10-12.html
Plugin Details
Severity: High
ID: 46329
File Name: shockwave_player_apsb10-12.nasl
Version: 1.13
Type: local
Agent: windows
Family: Windows
Published: 5/12/2010
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:adobe:shockwave_player
Required KB Items: SMB/shockwave_player
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/11/2010
Vulnerability Publication Date: 5/11/2010
Reference Information
CVE: CVE-2010-0127, CVE-2010-0128, CVE-2010-0129, CVE-2010-0130, CVE-2010-0986, CVE-2010-0987, CVE-2010-1280, CVE-2010-1281, CVE-2010-1282, CVE-2010-1283, CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1288, CVE-2010-1289, CVE-2010-1290, CVE-2010-1291, CVE-2010-1292
BID: 40076, 40077, 40078, 40079, 40081, 40082, 40083, 40084, 40085, 40086, 40087, 40088, 40089, 40090, 40091, 40093, 40094, 40096
Secunia: 38751