IPS Research Team Discovers Six Vulnerabilities in Adobe Shockwave Player
Vulnerability
On August 24th 2010, Adobe announced an update for the Shockwave Player application that addresses several vulnerabilities, six of which were discovered by a member of the Check Point IPS Research Team.
Details
Adobe Shockwave Player is a multimedia player that allows movies, animations, and games created in Adobe Director to be published on the Internet and viewed in a web browser by anyone who has the Shockwave plug-in installed.
The Shockwave Player vulnerabilities are all caused by various issues in processing Director media files. Potential exploits of this vulnerability include:
- A denial-of-service (DoS) attack, causing a system’s internet browser to become non-responsive
- The execution of malicious code, thereby allowing an attacker to take complete control of the affected system.
Here are details about the vulnerabilities, as well as links to the protections available from Check Point:
| Shockwave Player Vulnerability | Industry Reference | Check Point Protection |
|---|---|---|
| MMAP Index Memory Corruption* | CVE-2010-2880 | CPAI-2010-249 |
| Parsing Memory Corruption* | CVE-2010-2864 | CPAI-2010-253 |
| MCsL Parsing Memory Corruption* | CVE-2010-2881 | CPAI-2010-253 |
| CASt Parsing Memory Corruption* | CVE-2010-2868 | CPAI-2010-252 |
| IML32.dll XtcL Denial of Service* | CVE-2010-2869 | CPAI-2010-251 |
| rcsL Chunk Symbol Access Violations* | CVE-2010-2882 | CPAI-2010-254 |
| rcsL Chunk Pointer Offset Heap Overflow | CVE-2010-2867 | CPAI-2010-244 |
| DIRAPI.dll Denial of Service | CVE-2010-2865 | CPAI-2010-245 |
| IML32.dll Memory Corruption | CVE-2010-2864 | CPAI-2010-248 |
| MMAP Size Memory Corruption | CVE-2010-2870 | CPAI-2010-250 |
* Indicates a vulnerability discovered by the Check Point IPS Research Team
Affected Products
These vulnerabilities exist in of Shockwave Player versions 11.5.7.609 and earlier.
Solution
Check Point recommends applying the latest vendor patches. You can also get immediate protection for unpatched systems by applying the latest IPS updates. The IPS Software Blade will then detect and block malformed Director media files from being transferred over HTTP.
Acknowledgements
Acknowledgements go to Rodrigo Rubira Branco, a member of the Check Point IPS Research Team, for discovering and reporting six of the vulnerabilities as noted in the table above.
The Check Point IPS Research team conducts original research on network, protocol and application vulnerabilities. The team also actively monitors and where appropriate communicates with white, black and grayhat communities to identify vulnerabilities and potential exploits before they are introduced into the wild. This research is used to develop and disseminate defenses through relevant Update Services components.
Published August 25, 2010
Updated August 26, 2010