Thursday, February 10, 2011

Shockwave Player Update

Adobe has released updated version of their Shockwave Player. The new version fixes a bunch of vulnerabilities:
- a memory corruption vulnerability in the dirapi.dll module that could lead to code execution (CVE-2010-2587).
- a memory corruption vulnerability in the dirapi.dll module that could lead to code execution (CVE-2010-2588).
- an integer overflow vulnerability in the dirapi.dll module that could lead to code execution (CVE-2010-2589).
- a use-after-free vulnerability that could lead to code execution (CVE-2010-4092).
- a memory corruption vulnerability that could lead to code execution (CVE-2010-4093).
- a memory corruption vulnerability that could lead to code execution (CVE-2010-4187).
- a memory corruption vulnerability in the dirapi.dll module that could lead to code execution (CVE-2010-4188).
- a memory corruption vulnerability in the IML32 module that could lead to code execution (CVE-2010-4189).
- a memory corruption vulnerability that could lead to code execution (CVE-2010-4190).
- a memory corruption vulnerability that could lead to code execution (CVE-2010-4191).
- a memory corruption vulnerability that could lead to code execution (CVE-2010-4192).
- an input validation vulnerability that could lead to code execution (CVE-2010-4193).
- an input validation vulnerability in the dirapi.dll module that could lead to code execution (CVE-2010-4194).
- an input validation vulnerability in the TextXtra module that could lead to code execution (CVE-2010-4195).
- an input validation vulnerability in the Shockwave 3d Asset module that could lead to code execution (CVE-2010-4196).
- a memory corruption vulnerability that could lead to code execution (CVE-2010-4306).
- a buffer overflow vulnerability that could lead to code execution (CVE-2010-4307).
- a memory corruption vulnerability that could lead to code execution (CVE-2011-0555).
- a memory corruption vulnerability in the Font Xtra.x32 module that could lead to code execution (CVE-2011-0556).
- an integer overflow vulnerability that could lead to code execution (CVE-2011-0557).
- a memory corruption vulnerability in the Font Xtra.x32 module that could lead to code execution (CVE-2011-0569).



Users of Adobe Shockwave Player 11.5.9.615 and earlier should update to Adobe Shockwave Player 11.5.9.620. More information can be read from Adobe's security bulletin.
Posted by at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)