Adobe Shockwave Player CVE-2013-1384 Memory Corruption Vulnerability

Bugtraq ID:	58982
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Apr 09 2013 12:00AM
Updated:	Apr 09 2013 12:00AM
Credit:	Honggang Ren of Fortinet's FortiGuard Labs
Vulnerable:	Adobe Shockwave Player 11.5.7 .609 Adobe Shockwave Player 11.5.6 .606 Adobe Shockwave Player 11.5.2 .606 Adobe Shockwave Player 11.5.2 .602 Adobe Shockwave Player 11.5.1 .601 Adobe Shockwave Player 11.5 .601 Adobe Shockwave Player 11.5 .600 Adobe Shockwave Player 11.5 .596 Adobe Shockwave Player 10.2 .023 Adobe Shockwave Player 9.0.432 Adobe Shockwave Player 9.0.383 Adobe Shockwave Player 8.5.325 Adobe Shockwave Player 8.5.324 Adobe Shockwave Player 8.5.323 Adobe Shockwave Player 8.5.321 Adobe Shockwave Player 8.5.1.106 Adobe Shockwave Player 8.5.1.105 Adobe Shockwave Player 8.5.1.103 Adobe Shockwave Player 8.5.1.100 Adobe Shockwave Player 8.0.205 Adobe Shockwave Player 8.0.204 Adobe Shockwave Player 8.0.196A Adobe Shockwave Player 8.0.196 Adobe Shockwave Player 11.6.4.634 Adobe Shockwave Player 11.6.3.633 Adobe Shockwave Player 11.6.1.629 Adobe Shockwave Player 11.6.0.626 Adobe Shockwave Player 11.5.9.620 Adobe Shockwave Player 11.5.9.615 Adobe Shockwave Player 11.5.8.612 Adobe Shockwave Player 11.5.0.595 Adobe Shockwave Player 11.0.3.471 Adobe Shockwave Player 11.0.0.456 Adobe Shockwave Player 11 Adobe Shockwave Player 10.2.0.022 Adobe Shockwave Player 10.2.0.021 Adobe Shockwave Player 10.1.4.020 Adobe Shockwave Player 10.1.1.016 Adobe Shockwave Player 10.1.0.011 Adobe Shockwave Player 10.0.1.004 Adobe Shockwave Player 10.0.0.210 Adobe Shockwave Player 10
Not Vulnerable:

Adobe Shockwave Player CVE-2013-1384 Memory Corruption Vulnerability

Adobe Shockwave Player is prone to an unspecified remote memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Limited information is available regarding this issue. This BID will be updated as more information becomes available.

Adobe Shockwave Player versions 12.0.0.112 and prior are vulnerable.

Note: This issue was previously discussed in BID 58971 (Adobe Shockwave Player APSB13-12 Multiple Security Vulnerabilities), but has been moved to its own record to better document it.

Adobe Shockwave Player CVE-2013-1384 Memory Corruption Vulnerability

Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Adobe Shockwave Player CVE-2013-1384 Memory Corruption Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Adobe Shockwave Player CVE-2013-1384 Memory Corruption Vulnerability

References:

• Adobe Homepage (Adobe)