Users of Adobe Shockwave Player please be advised of a Chunk Parsing vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
Shockwave-SA-10/28/2010: Adobe Shockwave Player - Chunk Parsing Vulnerability
Affected Software
* Adobe Shockwave Player 11.5.8.612
Description of Vulnerability
Secunia Research has discovered a vulnerability in Adobe Shockwave
Player, which may be exploited by malicious people to compromise a
user's system.
The vulnerability is caused by a function in dirapi.dll not validating
the size and number of sub-chunks inside a "pamm" chunk during initial
parsing of the sub-chunks. This can be exploited to corrupt memory
outside the bounds of a buffer allocated for the "pamm" data via a
specially crafted Director file.
Successful exploitation may allow execution of arbitrary code.Read more at www.criticalwatch.com
See this Amp at http://amplify.com/u/eayv
No comments:
Post a Comment