Info

Disclosure

May 11, 2010

Discovery

Unknown

Dates

Exploit

Unknown

Solution

May 11, 2010

Description

A memory corruption flaw exists in Adobe Shockwave Player. The program fails to sanitize user-supplied input resulting in memory corruption. This may allow an attacker to execute arbitrary code.

Classification

Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Solution: Upgrade
Disclosure: Vendor Verified

Solution

Upgrade to version 11.5.7.609 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Adobe Systems Incorporated

Shockwave Player

11.5.6.606

References

CVE ID: 2010-1287 (see also: NVD)
Secunia Advisory ID: 38751
VUPEN Advisory: ADV-2010-1128
Vendor Specific News/Changelog Entry: http://www.adobe.com/support/security/bulletins/apsb10-12.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/64652