Adobe Shockwave Player 'DIRapi.dll' Director File Parsing Multiple Memory Corruption Vulnerabilities
23 Apr. 2012
Summary
This allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2446.
Vulnerable Systems:
* Adobe Shockwave Player 11.5.7 .609
* Adobe Shockwave Player 11.5.2 .606
* Adobe Shockwave Player 11.5.2 .602
* Adobe Shockwave Player 11.5.1 .601
* Adobe Shockwave Player 11.5 .601
* Adobe Shockwave Player 11.5 .600
* Adobe Shockwave Player 11.5 .596
* Adobe Shockwave Player 11.6.1.629
* Adobe Shockwave Player 11.6.0.626
* Adobe Shockwave Player 11.5.9.620
* Adobe Shockwave Player 11.5.9.615
* Adobe Shockwave Player 11.5.8.612
* Adobe Shockwave Player 11.5.0.595
* Adobe Shockwave Player 11.0.3.471
* Adobe Shockwave Player 11.0.0.456
* Adobe Shockwave Player 11
Immune Systems:
* Adobe Shockwave Player 11.6.3.633
Adobe Shockwave Player is prone to multiple memory-corruption vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Versions prior to Adobe Shockwave Player 11.6.3.633 are vulnerable.
Vendor Status:
Adobe as issued an update for this vulnerablity.
