Detections
Analytics

Adobe Shockwave Player <= 11.5.6.606 Multiple Vulnerabilities (APSB10-12) (Mac OS X)

high Nessus Plugin ID 80172

Language:

Synopsis

The remote Mac OS X host contains a web browser plugin that is affected by multiple vulnerabilities.

Description

The remote Mac OS X host contains a version of Adobe Shockwave Player that is 11.5.6.606 or earlier. It is, therefore, affected by multiple vulnerabilities :

 - Processing specially crafted FFFFFF45h Shockwave 3D blocks results in memory corruption. (CVE-2010-0127, CVE-2010-1283)

 - A signedness error leads to memory corruption when processing specially crafted Director files.
 (CVE-2010-0128)

 - An array indexing error leads to memory corruption when processing specially crafted Director files.
 (CVE-2010-0129)

 - An integer overflow vulnerability leads to memory corruption when processing specially crafted Director files. (CVE-2010-0130)

 - An unspecified error when processing asset entries in Director files leads to memory corruption.
 (CVE-2010-0986)

 - A boundary error when processing embedded fonts from a Directory file leads to memory corruption.
 (CVE-2010-0987)

 - An unspecified error when processing Director files results in memory corruption. (CVE-2010-1280)

 - Several unspecified memory corruption vulnerabilities.
 (CVE-2010-1281, CVE-2010-1282, CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1288, CVE-2010-1289, CVE-2010-1290, CVE-2010-1291, CVE-2010-1292)

Solution

Upgrade to Adobe Shockwave 11.5.7.609 or later.

See Also

http://www.zerodayinitiative.com/advisories/ZDI-10-087/

http://www.zerodayinitiative.com/advisories/ZDI-10-088/

http://www.zerodayinitiative.com/advisories/ZDI-10-089/

http://www.nessus.org/u?19865c37

http://seclists.org/fulldisclosure/2010/May/130

http://seclists.org/fulldisclosure/2010/May/131

http://seclists.org/fulldisclosure/2010/May/132

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php

http://www.coresecurity.com/content/adobe-director-invalid-read

http://www.adobe.com/support/security/bulletins/apsb10-12.html

Plugin Details

Severity: High

ID: 80172

File Name: macosx_shockwave_player_apsb10-12.nasl

Version: 1.5

Type: local

Agent: macosx

Published: 12/22/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:adobe:shockwave_player

Required KB Items: installed_sw/Shockwave Player, Host/MacOSX/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/11/2010

Vulnerability Publication Date: 5/11/2010

Reference Information

CVE: CVE-2010-0127, CVE-2010-0128, CVE-2010-0129, CVE-2010-0130, CVE-2010-0986, CVE-2010-0987, CVE-2010-1280, CVE-2010-1281, CVE-2010-1282, CVE-2010-1283, CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1288, CVE-2010-1289, CVE-2010-1290, CVE-2010-1291, CVE-2010-1292

BID: 40076, 40077, 40078, 40079, 40081, 40082, 40083, 40084, 40085, 40086, 40087, 40088, 40089, 40090, 40091, 40093, 40094, 40096