RETIRED: Adobe Shockwave Player APSB13-12 Multiple Security Vulnerabilities
BID:58971
Info
RETIRED: Adobe Shockwave Player APSB13-12 Multiple Security Vulnerabilities
| Bugtraq ID: | 58971 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 09 2013 12:00AM |
| Updated: | Apr 10 2013 09:28AM |
| Credit: | Honggang Ren of Fortinet's FortiGuard Labs, Aaron Portnoy of Exodus Intelligence and through iDefense's Vulnerability Contributor Program |
| Vulnerable: |
Adobe Shockwave Player 11.5.7 .609 Adobe Shockwave Player 11.5.6 .606 Adobe Shockwave Player 11.5.2 .606 Adobe Shockwave Player 11.5.2 .602 Adobe Shockwave Player 11.5.1 .601 Adobe Shockwave Player 11.5 .601 Adobe Shockwave Player 11.5 .600 Adobe Shockwave Player 11.5 .596 Adobe Shockwave Player 10.2 .023 Adobe Shockwave Player 9.0.432 Adobe Shockwave Player 9.0.383 Adobe Shockwave Player 8.5.325 Adobe Shockwave Player 8.5.324 Adobe Shockwave Player 8.5.323 Adobe Shockwave Player 8.5.321 Adobe Shockwave Player 8.5.1.106 Adobe Shockwave Player 8.5.1.105 Adobe Shockwave Player 8.5.1.103 Adobe Shockwave Player 8.5.1.100 Adobe Shockwave Player 8.0.205 Adobe Shockwave Player 8.0.204 Adobe Shockwave Player 8.0.196A Adobe Shockwave Player 8.0.196 Adobe Shockwave Player 11.6.4.634 Adobe Shockwave Player 11.6.3.633 Adobe Shockwave Player 11.6.1.629 Adobe Shockwave Player 11.6.0.626 Adobe Shockwave Player 11.5.9.620 Adobe Shockwave Player 11.5.9.615 Adobe Shockwave Player 11.5.8.612 Adobe Shockwave Player 11.5.0.595 Adobe Shockwave Player 11.0.3.471 Adobe Shockwave Player 11.0.0.456 Adobe Shockwave Player 11 Adobe Shockwave Player 10.2.0.022 Adobe Shockwave Player 10.2.0.021 Adobe Shockwave Player 10.1.4.020 Adobe Shockwave Player 10.1.1.016 Adobe Shockwave Player 10.1.0.011 Adobe Shockwave Player 10.0.1.004 Adobe Shockwave Player 10.0.0.210 Adobe Shockwave Player 10 |
| Not Vulnerable: | |
Discussion
RETIRED: Adobe Shockwave Player APSB13-12 Multiple Security Vulnerabilities
Adobe Shockwave Player is prone to multiple security vulnerabilities, including:
1. A buffer-overflow vulnerability
2. Multiple memory-corruption vulnerabilities
3. An information-disclosure vulnerability
Successful exploits may allow an attacker to disclose sensitive information and execute arbitrary code within the context of the user running the affected application. Failed attempts will likely cause a denial-of-service condition.
Limited information is available regarding these issues. This BID will be updated as more information becomes available.
Adobe Shockwave Player versions 12.0.0.112 and prior are vulnerable.
This BID is being retired. The following individual records exist to better document the issues:
58984 Adobe Shockwave Player CVE-2013-1383 Unspecified Buffer Overflow Vulnerability
58980 Adobe Shockwave Player CVE-2013-1386 Memory Corruption Vulnerability
58982 Adobe Shockwave Player CVE-2013-1384 Memory Corruption Vulnerability
58983 Adobe Shockwave Player CVE-2013-1385 Information Disclosure Vulnerability
Adobe Shockwave Player is prone to multiple security vulnerabilities, including:
1. A buffer-overflow vulnerability
2. Multiple memory-corruption vulnerabilities
3. An information-disclosure vulnerability
Successful exploits may allow an attacker to disclose sensitive information and execute arbitrary code within the context of the user running the affected application. Failed attempts will likely cause a denial-of-service condition.
Limited information is available regarding these issues. This BID will be updated as more information becomes available.
Adobe Shockwave Player versions 12.0.0.112 and prior are vulnerable.
This BID is being retired. The following individual records exist to better document the issues:
58984 Adobe Shockwave Player CVE-2013-1383 Unspecified Buffer Overflow Vulnerability
58980 Adobe Shockwave Player CVE-2013-1386 Memory Corruption Vulnerability
58982 Adobe Shockwave Player CVE-2013-1384 Memory Corruption Vulnerability
58983 Adobe Shockwave Player CVE-2013-1385 Information Disclosure Vulnerability
Exploit / POC
RETIRED: Adobe Shockwave Player APSB13-12 Multiple Security Vulnerabilities
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Adobe Shockwave Player APSB13-12 Multiple Security Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Adobe Shockwave Player APSB13-12 Multiple Security Vulnerabilities
References:
References:
- Adobe Homepage (Adobe)