Check Point Advisories

Preemptive Protection against Adobe Shockwave Player Director File FFFFFF88 Record Parsing Remote Code Execution Vulnerabilities (APSB11-01)

Check Point Reference: CPAI-2011-243
Date Published: 27 Apr 2011
Severity: Critical
Last Updated: Saturday 01 January, 2011
Source: Adobe Security Advisory: APSB11-01
Industry Reference:CVE-2010-2876
CVE-2010-4192
Protection Provided by:
Who is Vulnerable? Adobe Systems Shockwave Player 11.5.7.615 and prior
Vulnerability Description A code execution vulnerability exists in Adobe Shockwave player. The vulnerability is due to an integer overflow error while calculating the size value for heap memory allocation while parsing a FFFFFF88 record. Remote attackers can exploit this vulnerability by enticing target users to open a malicious DIR file using a vulnerable version of the product.
Update/Patch AvaliableAdobe has released an advisory to address this vulnerability. 
Vulnerability DetailsThe vulnerability occurs while processing specially crafted FFFFFF88 chunks in DIR movie files. Remote attackers can exploit this vulnerability by persuading a target user to open a specially crafted DIR or DCR file with a vulnerable product.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK