You are here

U-166: Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code

May 10, 2012 - 7:00am

Addthis

PROBLEM:

Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code

PLATFORM:

11.6.4.634 and prior

ABSTRACT:

Multiple vulnerabilities were reported in Adobe Shockwave Player. A remote user can cause arbitrary code to be executed on the target user's system.

reference LINKS:

SecurityTracker Alert ID: 1027037
CVE-2012-2029
CVE-2012-2030
CVE-2012-2031
CVE-2012-2032
CVE-2012-2033

IMPACT ASSESSMENT:

High

Discussion:

A remote user can create specially crafted Shockwave content that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Impact:

A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution:

The vendor has issued a fix (11.6.5.635).

Addthis