V-009: Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote Users Execute Arbitrary Code

October 24, 2012 - 6:00am

PROBLEM:

Adobe Shockwave Player Buffer Overflows and Array Error Lets Remote Users Execute Arbitrary Code

PLATFORM:

Adobe Shockwave Player 11.6.7.637 and earlier versions for Windows and Macintosh

ABSTRACT:

Several vulnerabilities were reported in Adobe Shockwave.

IMPACT ASSESSMENT:

High

DISCUSSION:

A remote user can create specially crafted content that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system [CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, CVE-2012-5273]. The code will run with the privileges of the target user.

A remote user can create specially crafted content that, when loaded by the target user, will trigger an out-of-bounds array error and execute arbitrary code on the target system [CVE-2012-4176].

IMPACT:

A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

SOLUTION:

The vendor has issued a fix (11.6.8.638).

Energy.gov

Office of the Chief Information Officer

Office of the Chief Information Officer

All Offices

You are here