Adobe Shockwave Player <= 11.5.6.606 Multiple Vulnerabilities (APSB10-12) (Mac OS X)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host contains a web browser plugin that is
affected by multiple vulnerabilities.

Description :

The remote Mac OS X host contains a version of Adobe Shockwave Player
that is 11.5.6.606 or earlier. It is, therefore, affected by multiple
vulnerabilities :

- Processing specially crafted FFFFFF45h Shockwave
3D blocks results in memory corruption. (CVE-2010-0127,
CVE-2010-1283)

- A signedness error leads to memory corruption when
processing specially crafted Director files.
(CVE-2010-0128)

- An array indexing error leads to memory corruption when
processing specially crafted Director files.
(CVE-2010-0129)

- An integer overflow vulnerability leads to memory
corruption when processing specially crafted Director
files. (CVE-2010-0130)

- An unspecified error when processing asset entries
in Director files leads to memory corruption.
(CVE-2010-0986)

- A boundary error when processing embedded fonts from a
Director file leads to memory corruption.
(CVE-2010-0987)

- An unspecified error when processing Director files
results in memory corruption. (CVE-2010-1280)

- Several unspecified memory corruption vulnerabilities.
(CVE-2010-1281, CVE-2010-1282, CVE-2010-1284,
CVE-2010-1286, CVE-2010-1287, CVE-2010-1288,
CVE-2010-1289, CVE-2010-1290, CVE-2010-1291,
CVE-2010-1292)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-10-087/
http://www.zerodayinitiative.com/advisories/ZDI-10-088/
http://www.zerodayinitiative.com/advisories/ZDI-10-089/
http://www.nessus.org/u?19865c37
http://seclists.org/fulldisclosure/2010/May/130
http://seclists.org/fulldisclosure/2010/May/131
http://seclists.org/fulldisclosure/2010/May/132
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php
http://www.coresecurity.com/content/adobe-director-invalid-read
http://www.adobe.com/support/security/bulletins/apsb10-12.html

Solution :

Upgrade to Adobe Shockwave 11.5.7.609 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true