OSVDB ID: 73028

Title: Adobe Shockwave Player IML32.dll Component Unspecified Memory Corruption

Info

Disclosure

Jun 15, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jun 14, 2011

Description

A memory corruption flaw exists in Adobe Shockwave Player. The IML32.dll component fails to sanitize user-supplied input when an unspecified error occurs resulting in memory corruption. This may allow an attacker to execute arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: RBS Confirmed, Vendor Verified, Coordinated Disclosure

Solution

Upgrade to version 11.6.0.626 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Adobe Systems Incorporated

Shockwave Player

11.5.9.620

References

CVE ID: 2011-2111 (see also: NVD)
Secunia Advisory ID: 43811
Related OSVDB ID: 73010 73011 73012 73013 73014 73015 73016 73017 73018 73019 73020 73021 73022 73023 73024 73025 73026 73027 73029 73030 73031 73032 73033 73034
Other Advisory URL: http://dvlabs.tippingpoint.com/advisory/TPTI-11-07
http://dvlabs.tippingpoint.com/advisory/TPTI-11-08
http://dvlabs.tippingpoint.com/advisory/TPTI-11-09
http://secunia.com/secunia_research/2011-46/
http://secunia.com/secunia_research/2011-47/
http://www.zerodayinitiative.com/advisories/ZDI-11-206
http://www.zerodayinitiative.com/advisories/ZDI-11-212
Mail List Post: http://seclists.org/fulldisclosure/2011/Jun/311
http://seclists.org/fulldisclosure/2011/Jun/318
http://seclists.org/fulldisclosure/2011/Jun/336
http://seclists.org/fulldisclosure/2011/Jun/337
http://seclists.org/fulldisclosure/2011/Jun/338
Vendor Specific Advisory URL: http://www.adobe.com/support/security/bulletins/apsb11-17.html
CERT: TA11-166A

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/73028