Adobe Shockwave Player Lnam Chunk Processing Buffer Overflow (APSB10-25; CVE-2010-3655)

Vulnerability
Protection

Check Point Reference:	CPAI-2011-322
Date Published:
Severity:
Source:	Adobe Security Bulletin APSB11-25
Industry Reference(s):	CVE-2010-3655
Protection Provided by:	Security Gateway R70 R71 R75
Who is Vulnerable? Adobe Systems Shockwave Player 11.5.8.612 and Prior
Vulnerability Description A code execution vulnerability has been identified in Adobe Shockwave Player. A remote attacker can exploit this issue by enticing a user to open a malicious DIR file. Successful exploitation of this vulnerability would lead to code execution.

Vulnerability Details
This is a code execution vulnerability. The vulnerability is due to an error in Adobe Shockwave Player while parsing stringArray structures inside Lman chunks in crafted Director files. Successful exploitation of this vulnerability would lead to code execution.

Protection Overview
This protection will detect and block the transferring of malformed .dir files over HTTP

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R75 / R71 / R70

How Can I Protect My Network?
1. In the IPS tab, click Protections and find the Adobe Shockwave Player Lnam Chunk Processing Buffer Overflow (APSB10-25) protection using the Search tool and Edit the protection's settings.
2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Adobe Shockwave Protection Violation
Attack Information: Adobe Shockwave Player Lnam chunk processing buffer overflow (APSB10-25)

Legal Notice for Threat Center Advisories