Shockwave Player < 11.5.9.620 (APSB11-01)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a web browser plugin that is
affected by multiple vulnerabilities.

Description :

The remote Windows host contains a version of Adobe's Shockwave
Player that is earlier than 11.5.9.620. Such versions are potentially
affected by the following issues :

- Several unspecified errors exist in the 'dirapi.dll'
module that may allow arbitrary code execution.
(CVE-2010-2587, CVE-2010-2588, CVE-2010-4188)

- An error exists in the 'dirapi.dll' module related to
an integer overflow and that may allow arbitrary code
execution. (CVE-2010-2589)

- It is reported that a use-after-free error exists in an
unspecified compatibility component related to the
'Settings' window and an unloaded, unspecified library.
This error is reported to allow arbitrary code execution
when a crafted, malicious website is visited.
(CVE-2010-4092)

- Unspecified errors exist that may allow arbitrary
code execution or memory corruption. The attack vectors
is unspecified. (CVE-2010-4093, CVE-2010-4187,
CVE-2010-4190, CVE-2010-4191, CVE-2010-4192,
CVE-2010-4306, CVE-2011-0555)

- An input validation error exists in the 'IML32' module
that may allow arbitrary code execution when processing
global color table size of a GIF image contained in a
Director movie. (CVE-2010-4189)

- An unspecified input validation error exists that may
allow arbitrary code execution through unspecified
vectors. (CVE-2010-4193)

- An unspecified input validation error exists in the
'dirapi.dll' module that may allow arbitrary code
execution through unspecified vectors. (CVE-2010-4194)

- An integer overflow error exists in the '3D Assets'
module when parsing 3D assets containing the record
type '0xFFFFFF45'. This error may allow arbitrary code
execution. (CVE-2010-4196)

- An input validation error exists in the 'DEMUX' chunks
parsing portion of the 'TextXtra.x32' module. This
error may allow arbitrary code execution.
(CVE-2010-4195)

- An unspecified buffer overflow error exists that may
allow arbitrary code execution through unspecified
vectors. (CVE-2010-4307)

- An error exists in the 'PFR1' chunks parsing portion
of the 'Font Xtra.x32' module. This error may allow
arbitrary code execution. (CVE-2011-0556)

- An unspecified integer overflow error exists that may
allow arbitrary code execution through unspecified
vectors.(CVE-2011-0557)

- An error exists in the 'Font Xtra.x32' module related
to signedness that may allow arbitrary code execution.
(CVE-2011-0569)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-078/
http://www.zerodayinitiative.com/advisories/ZDI-11-079/
http://www.zerodayinitiative.com/advisories/ZDI-11-080/
http://www.adobe.com/support/security/bulletins/apsb11-01.html

Solution :

Upgrade to Adobe Shockwave 11.5.9.620 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.5
(CVSS2#E:U/RL:U/RC:ND)
Public Exploit Available : false