PROBLEM:
Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code
PLATFORM:
11.6.4.634 and prior
ABSTRACT:
Multiple vulnerabilities were reported in Adobe Shockwave Player. A remote user can cause arbitrary code to be executed on the target user's system.
reference LINKS:
SecurityTracker Alert ID: 1027037
CVE-2012-2029
CVE-2012-2030
CVE-2012-2031
CVE-2012-2032
CVE-2012-2033
IMPACT ASSESSMENT:
High
Discussion:
A remote user can create specially crafted Shockwave content that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user.
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:
The vendor has issued a fix (11.6.5.635).