Adobe Shockwave player multiple vulnerabilities

Multiple vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user’s system, according to Secunia.

1. An unspecified error in dirapi.dll can be exploited to corrupt memory.

2. An unspecified error in dirapi.dll can be exploited to corrupt memory.

3. An unspecified error in dirapi.dll can be exploited to corrupt memory.

4. An unspecified error in dirapi.dll can be exploited to corrupt memory.

5. Unspecified errors in dirapi.dll can be exploited to corrupt memory.

6. An input validation error in dirapi.dll when calculating offsets into buffers based on various 16-bit values in rcsL chunks can be exploited to corrupt memory.

7. A logic error in dirapi.dll when a xtcL chunk is not present as expected results in use of uninitialised memory.

8. An integer overflow error in dirapi.dll when parsing certain 16-bit fields in rcsL chunks can be exploited to cause heap-based buffer overflows.

9. An error in dirapi.dll when parsing rcsL chunks can be exploited to cause a heap-based buffer overflow as a size value is calculating based on two pointer values without ensuring that the first pointer value is greater than the second pointer value.

10. An unspecified design flaw exists in an unspecified component.

11. An integer overflow error in dirapi.dll when parsing rcsL chunks can be exploited to cause a heap-based buffer overflow.

12. A boundary error in “Font Asset.x32” when parsing font-related structures can be exploited to cause stack-based buffer overflows.

13. Multiple unspecified errors exist in IML32.dll.

14. Integer overflow errors in a function used to calculate how much space is required for storing a specified amount of DEMX data of a specified type can be exploited to cause buffer overflows.

15. An integer overflow error in a function used to create a structure for storing DEMX data can be exploited to cause heap-based buffer overflows.

16. An error when allocating buffers based on sizes obtained from KEY* chunks can be exploited to cause a heap-based buffer overflow as an allocated buffer may not be sufficiently sized to contain the minimum amount of data being copied.

17. An integer underflow error in IML32.dll when e.g. decompressing embedded GIF images can be exploited to corrupt memory.

18. Missing input validation in TextXtra.x32 within a function designed to read data into a buffer based on size values obtained from DEMX chunks can be exploited to cause buffer overflows.

19. An error when extracting strings from embedded media objects can be exploited to write a NULL byte to an arbitrary memory location.

20. An error in dirapi.dll when parsing CASt chunks can be exploited to cause buffer overflows as size values are not properly checked before being used in a call to memmove().

21. An integer overflow error in IML32.dll when allocating buffers to e.g. contain data from rcsL chunks can be exploited to cause a heap-based buffer overflow.

22. An integer overflow error in TextXtra.x32 when parsing text elements can be exploited to cause heap-based buffer overflows.

23. An integer overflow error when allocating memory for substructures within xtcL chunks can be exploited to cause heap-based buffer overflows.

24. An integer overflow error in the Shockwave3DAsset component when parsing DEMX chunks can be exploited to cause a heap-based buffer overflow.

25. Missing input validation within the parsing of certain structures in rcsL chunks can be exploited to corrupt memory as an offset is trusted when calculating a pointer value.

26. Multiple unspecified errors in IML32.dll can be exploited to corrupt memory.

27. An unspecified error in IML32.dll can be exploited to corrupt memory.

28. A logic error when attempting to reallocate memory based on DEMX data may result in memory not being reallocated as expected and can be exploited to cause heap-based buffer overflows.

29. An input validation error exists in the the FLV ASSET Xtra component.

30. A logic error in dirapi.dll when parsing substructures within rcsL chunks can be exploited to trigger misallocation of buffers and cause heap-based buffer overflows.

31. An integer overflow error in the CursorAsset x32 component when parsing cursor structures can be exploited to cause a heap-based buffer overflow.

32. An integer overflow error in AudioMixer.x32 when parsing mixer structures can be exploited to cause a heap-based buffer overflow.

33. An unspecified error in dirapi.dll can be exploited to corrupt memory.

34. An integer overflow error exists in the Shockwave 3D Asset x32 component.

35. A logic error when attempting to allocate memory for DEMX data using overly large sizes may result in memory not being allocated as expected and can be exploited to corrupt memory.

36. An error in Dirapix.dll can be exploited to cause a buffer overflow.

37. An unspecified error can be exploited to cause a buffer overflow.

38. An unspecified error can be exploited to corrupt memory.

39. An input validation error when parsing DEMX chunks causes an invalid value to be used as a loop counter when writing data, which can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

The vulnerabilities are reported in version 11.5.9.620. Other versions may also be affected.

Solution: Update to version 11.6.0.626.




Share this