Adobe Shockwave Player Chunk Parsing Out of Bounds (APSB12-13; CVE-2012-2031)

Vulnerability
Protection

Check Point Reference:	CPAI-2012-314
Date Published:
Severity:
Source:	Adobe Security Advisory APSB12-13
Industry Reference(s):	CVE-2012-2031
Protection Provided by:	Security Gateway R75
Who is Vulnerable? Adobe Systems Shockwave Player 11.6.4.634 and prior
Vulnerability Description A remote code execution vulnerability has been reported in Adobe Shockwave player.

Vulnerability Details
The vulnerability is due to a memory corruption error while parsing crafted data in an rcsL chunk within a DIR media file. A remote attacker can exploit this issue by enticing a target user to open a specially crafted DIR or DCR file with an affected version of Shockwave Player. Successful exploitation could allow an attacker to execute arbitrary code in the security context of the logged-on user.

Protection Overview
This protection will detect and block the transferring of a crafted Director file to the target user.

In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R75 / R71 / R70

How Can I Protect My Network?

In the IPS tab, click Protections and find the Adobe Shockwave Player Chunk Parsing Out of Bounds Array Indexing (APSB12-13) protection using the Search tool and Edit the protection's settings.
Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Adobe Shockwave Protection Violation
Attack Information: Adobe Shockwave Player Chunk Parsing Out of Bounds Array Indexing (APSB12-13)

Legal Notice for Threat Center Advisories