|
|
|
|
| |
Credit:
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=878
|
| |
Vulnerable Systems:
* Shockwave Player version 11.5.7.609 and earlier for Windows
* Shockwave Player version 11.5.7.609 and earlier for Macintosh
Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Shockwave Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability takes place during the processing of a tSAC chunk within an Adobe Director file. A length value is read from the tSAC chunk and a signed comparison is made against the length value. If the length value is negative, a memory address is incorrectly calculated and a null byte is written to the memory address. This condition may lead to arbitrary code execution.
Patch Availability:
Adobe has released a fix which addresses this issue:
http://get.adobe.com/shockwave/
Workaround:
The killbit for the Shockwave Player ActiveX control can be set by creating the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{233C1507-6A77-46A4-9443-F871F945D258} Under this key create a new DWORD value called "Compatibility Flags" and set its hexadecimal value to 400. To re-enable Shockwave Player set the "Compatibility Flags" value to 0.
CVE Information:
CVE-2010-2875
Disclosure Timeline:
07/07/2010 Initial Vendor Notification
07/07/2010 Initial Vendor Reply
08/24/2010 Coordinated Public Disclosure
|
|
|
|
|
