Check Point Advisories

Update Protection against Adobe Shockwave Player DIR Files PAMI Chunk Code Execution Vulnerability (APSB10-12)

Check Point Reference: CPAI-2010-084
Date Published: 26 May 2010
Severity: High
Last Updated: Friday 01 January, 2010
Source: Adobe Security Bulletin APSB10-12
Industry Reference:CVE-2010-1292
Protection Provided by:
Who is Vulnerable? Adobe Systems Shockwave Player 11.5.6.606 and Prior
Vulnerability Description A remote code execution vulnerability has been identified in Adobe Shockwave Player. Adobe Shockwave is a multimedia player that allows Adobe Director applications to be published on the Internet and viewed in a web browser by anyone who has the Shockwave plug-in installed. An attacker can exploit this issue via a specially crafted DIR file. A remote attacker may exploit this vulnerability to take complete control of an affected system.
Update/Patch AvaliableApply Hotfix:
Adobe Security Bulletin APSB10-12
Vulnerability DetailsThe vulnerability is due to an input validation error in Adobe Shockwave Player while parsing specially crafted PAMI RIFF chunk data in a DIR file. A remote attacker can exploit this issue by enticing a user to open a malicious DIR file. Successful exploitation of this vulnerability would allow arbitrary code execution.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK