SB2011061701 - Multiple vulnerabilities in Adobe Shockwave Player
Published: June 17, 2011 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 25 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2011-2108)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to a "design flaw."
2) Input validation error (CVE-ID: CVE-2011-2109)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple integer overflows in Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors.
3) Buffer overflow (CVE-ID: CVE-2011-2111)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2115 and CVE-2011-2116.
4) Buffer overflow (CVE-ID: CVE-2011-2112)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple buffer overflows in IML32.dll in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors.
5) Buffer overflow (CVE-ID: CVE-2011-2113)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple buffer overflows in the Shockwave3DAsset component in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors.
6) Buffer overflow (CVE-ID: CVE-2011-2114)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2117, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128.
7) Heap-based buffer overflow (CVE-ID: CVE-2011-2115)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in IML32.dll in Adobe Shockwave Player before 11.6.0.626. A remote attacker can use a crafted tSAC chunk to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Buffer overflow (CVE-ID: CVE-2011-2116)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2111 and CVE-2011-2115.
9) Buffer overflow (CVE-ID: CVE-2011-2117)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128.
10) Input validation error (CVE-ID: CVE-2011-2118)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to an "input validation vulnerability."
11) Buffer overflow (CVE-ID: CVE-2011-2119)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2122.
12) Input validation error (CVE-ID: CVE-2011-2120)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer overflow in the CursorAsset x32 component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.
13) Input validation error (CVE-ID: CVE-2011-2121)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.
14) Buffer overflow (CVE-ID: CVE-2011-2122)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to rcsL substructures, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2119.
15) Heap-based buffer overflow (CVE-ID: CVE-2011-2123)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shockwave Player before 11.6.0.626. A remote attacker can use a crafted subrecord in a DEMX chunk to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Buffer overflow (CVE-ID: CVE-2011-2124)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2117, CVE-2011-2127, and CVE-2011-2128.
17) Buffer overflow (CVE-ID: CVE-2011-2125)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in Dirapix.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.
18) Buffer overflow (CVE-ID: CVE-2011-2126)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.
19) Buffer overflow (CVE-ID: CVE-2011-2127)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2117, CVE-2011-2124, and CVE-2011-2128.
20) Buffer overflow (CVE-ID: CVE-2011-2128)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2117, CVE-2011-2124, and CVE-2011-2127.
21) Buffer overflow (CVE-ID: CVE-2011-0317)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.
22) Buffer overflow (CVE-ID: CVE-2011-0318)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.
23) Buffer overflow (CVE-ID: CVE-2011-0319)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.
24) Buffer overflow (CVE-ID: CVE-2011-0320)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.
25) Buffer overflow (CVE-ID: CVE-2011-0335)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-2119, and CVE-2011-2122.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- http://osvdb.org/73012
- http://www.adobe.com/support/security/bulletins/apsb11-17.html
- http://www.securityfocus.com/bid/48311
- http://www.us-cert.gov/cas/techalerts/TA11-166A.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68033
- http://osvdb.org/73033
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=919
- http://osvdb.org/73034
- http://osvdb.org/73029
- http://www.securityfocus.com/archive/1/518439/100/0/threaded
- http://www.securityfocus.com/bid/48297
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=922
- http://osvdb.org/73019
- http://www.securityfocus.com/bid/48294
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68048
- http://osvdb.org/73015
- http://www.securityfocus.com/bid/48308
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68049
- http://osvdb.org/73011
- http://www.securityfocus.com/bid/48309
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68050
- http://osvdb.org/73032
- http://www.securityfocus.com/bid/48289
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68051
- http://osvdb.org/73027
- http://www.securityfocus.com/bid/48290
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68052