Users of Adobe Shockwave Player, please be advised that a chunk parsing vulnerability has been identified.
To view this vulnerability, possible remedies, and other advisories, please check the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
Shockwave-SA-10/29/2010: Adobe Shockwave Player - Chunk Parsing Vulnerability
Affected Software
* Adobe Shockwave Player 11.5.8.612
Description of Vulnerability
Secunia Research has discovered a vulnerability in Adobe Shockwave
Player, which may be exploited by malicious people to compromise a
user's system.
The vulnerability is caused by a logic error in TextXtra.x32 when
parsing "DEMX" chunks. This can be exploited to cause a heap-based
buffer overflow via a specially crafted Director file as a function
does not reallocate a buffer to contain a section of data as expected,
but another function still copies chunk data into the insufficiently
sized buffer.
Successful exploitation allows execution of arbitrary code.
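
An added illustration of the bug class described above, not code from the advisory, Adobe or Secunia: the copy routine checks the destination's real capacity itself, so a reallocation that never happened leads to a rejected chunk instead of a heap overflow. The `section_buf` type, the function names and the sample bytes are hypothetical; the actual "DEMX" chunk layout is not described on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical destination buffer for one section of chunk data. */
typedef struct {
    uint8_t *data;
    size_t   cap;  /* bytes actually allocated */
    size_t   len;  /* bytes currently stored */
} section_buf;

/* Grow step. In the advisory's bug, the equivalent step did not happen. */
static int section_reserve(section_buf *b, size_t need) {
    uint8_t *p;
    if (need <= b->cap) return 0;
    p = realloc(b->data, need);
    if (p == NULL) return -1;   /* old buffer and cap stay valid */
    b->data = p;
    b->cap = need;
    return 0;
}

/* Copy step. It trusts neither the caller nor the file: the source range
 * must lie inside the chunk and the size must fit the real capacity. */
static int section_copy(section_buf *b, const uint8_t *chunk, size_t chunk_len,
                        size_t off, size_t n) {
    if (off > chunk_len || n > chunk_len - off) return -1; /* over-read */
    if (n > b->cap) return -1;                             /* would overflow */
    if (n > 0) memcpy(b->data, chunk + off, n);
    b->len = n;
    return 0;
}

int main(void) {
    const uint8_t chunk[16] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed sample */
    section_buf b = {0};
    if (section_reserve(&b, 4) != 0) return 1;
    printf("fits:         %d\n", section_copy(&b, chunk, sizeof chunk, 0, 4));
    /* Reserve deliberately skipped: 12 bytes into a 4-byte buffer. */
    printf("no reserve:   %d\n", section_copy(&b, chunk, sizeof chunk, 4, 12));
    if (section_reserve(&b, 12) != 0) return 1;
    printf("after grow:   %d\n", section_copy(&b, chunk, sizeof chunk, 4, 12));
    free(b.data);
    return 0;
}
```

Keeping the capacity next to the pointer is what lets the copy step enforce the bound on its own, instead of assuming an earlier function already resized the buffer.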