Info

Disclosure

Aug 09, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Aug 09, 2011

Description

A memory corruption flaw exists in Adobe Shockwave Player. The program fails to sanitize unspecified user-supplied input, resulting in memory corruption. Through unspecified means, a context-dependent attacker can execute arbitrary code.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Upgrade to version 11.6.1.629 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Adobe Systems Incorporated

Shockwave Player

11.6.0.626

References

CVE ID: 2010-4309 (see also: NVD)
Secunia Advisory ID: 45584
Bugtraq ID: 49102
Related OSVDB ID: 74423 74425 74426 74427 74428 74429
Vendor Specific Advisory URL: http://www.adobe.com/support/security/bulletins/apsb11-19.html
CERT: TA11-222A

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/74424