Adobe Shockwave Player <= 11.5.9.615 (APSB11-01) (Mac OS X)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host contains a web browser plugin that is
affected by multiple vulnerabilities.

Description :

The remote Mac OS X host contains a version of Adobe Shockwave Player
that is 11.5.9.615 or earlier. It is, therefore, affected by multiple
vulnerabilities :

- Several unspecified errors exist in the 'dirapi.dll'
module that allow arbitrary code execution.
(CVE-2010-2587, CVE-2010-2588, CVE-2010-4188)

- An error exists in the 'dirapi.dll' module related to
an integer overflow that allows arbitrary code
execution. (CVE-2010-2589)

- It is reported that a use-after-free error exists in an
unspecified compatibility component related to the
'Settings' window and an unloaded, unspecified library.
This error is reported to allow arbitrary code execution
when a crafted, malicious website is visited.
(CVE-2010-4092)

- Unspecified errors exist that allow arbitrary code
execution or memory corruption. The attack vectors is
unspecified. (CVE-2010-4093, CVE-2010-4187,
CVE-2010-4190, CVE-2010-4191, CVE-2010-4192,
CVE-2010-4306, CVE-2011-0555)

- An input validation error exists in the 'IML32' module
that allows arbitrary code execution when processing the
global color table size of a GIF image contained in a
Director movie. (CVE-2010-4189)

- An unspecified input validation error exists that allows
arbitrary code execution through unspecified vectors.
(CVE-2010-4193)

- An unspecified input validation error exists in the
'dirapi.dll' module that allows arbitrary code execution
through unspecified vectors. (CVE-2010-4194)

- An integer overflow error exists in the '3D Assets'
module when parsing 3D assets containing the record
type '0xFFFFFF45'. This error allows arbitrary code
execution. (CVE-2010-4196)

- An input validation error exists in the 'DEMUX' chunks
parsing portion of the 'TextXtra.x32' module. This
error allows arbitrary code execution. (CVE-2010-4195)

- An unspecified buffer overflow error exists that allows
arbitrary code execution through unspecified vectors.
(CVE-2010-4307)

- An error exists in the 'PFR1' chunks parsing portion
of the 'Font Xtra.x32' module. This error allows
arbitrary code execution. (CVE-2011-0556)

- An unspecified integer overflow error exists that allows
arbitrary code execution through unspecified vectors
(CVE-2011-0557)

- An error exists in the 'Font Xtra.x32' module related
to signedness that allows arbitrary code execution.
(CVE-2011-0569)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-078/
http://www.zerodayinitiative.com/advisories/ZDI-11-079/
http://www.zerodayinitiative.com/advisories/ZDI-11-080/
http://www.adobe.com/support/security/bulletins/apsb11-01.html

Solution :

Upgrade to Adobe Shockwave 11.5.9.620 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.5
(CVSS2#E:U/RL:U/RC:ND)
Public Exploit Available : false