Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability announce CVE-2011-2446 CVE-2011-2447 CVE-2011-2448

Adobe Shockwave Player: several vulnerabilities

Synthesis of the vulnerability

Several Adobe Shockwave Player vulnerabilities can be used by an attacker to execute code or to create a denial of service.
Severity: 3/4.
Creation date: 08/11/2011.

Impacted products

Description of the vulnerability

Several Adobe Shockwave Player vulnerabilities were announced.

An attacker can create a memory corruption in the DIRapi library via a PAMM atom. [severity:3/4; BID-50581, CAL-2011-0052, CERTA-2011-AVI-625, CVE-2011-2446, >]

An attacker can create a memory corruption in TextXtra.x32. [severity:3/4; BID-50584, CORE-2011-0825, CVE-2011-2447, >]

An attacker can create a memory corruption in the DIRapi library via a rcsl chunk. [severity:3/4; BID-50583, CAL-2011-0054, CVE-2011-2448, >]

An attacker can create several memory corruptions in the TextXtra module. [severity:3/4; BID-50586, CVE-2011-2449, >]

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter Yahoo 

Complete Vigil@nce bulletin

Adobe Shockwave Player: several vulnerabilities

Characteristics

Title: Adobe Shockwave Player: several vulnerabilities.
Keywords: Adobe CAL-2011-0052 CAL-2011-0054 CERTA-2011-AVI-625 CORE-2011-0825 DIRapi PAMM Player Shockwave TextXtra several vulnerabilities x32.
Identifiers: APSB11-27, BID-50581, BID-50583, BID-50584, BID-50586, CAL-2011-0052, CAL-2011-0054, CERTA-2011-AVI-625, CORE-2011-0825, CVE-2011-2446, CVE-2011-2447, CVE-2011-2448, CVE-2011-2449, VIGILANCE-VUL-11132.

Information sources

Publications and announces
Source example: Security update available for Adobe Shockwave Player

Solutions for this vulnerability

Patch or workaround

Supplements

Vulnerability : CVE-2011-2446

An attacker can create a memory corruption in the DIRapi library via a PAMM atom.
Severity: 3/4.
Identifiers: BID-50581, CAL-2011-0052, CERTA-2011-AVI-625, CVE-2011-2446.
Publications and announces

Vulnerability : CVE-2011-2447

An attacker can create a memory corruption in TextXtra.x32.
Severity: 3/4.
Identifiers: BID-50584, CORE-2011-0825, CVE-2011-2447.
Publications and announces

Vulnerability : CVE-2011-2448

An attacker can create a memory corruption in the DIRapi library via a rcsl chunk.
Severity: 3/4.
Identifiers: BID-50583, CAL-2011-0054, CVE-2011-2448.
Publications and announces

Vulnerability : CVE-2011-2449

An attacker can create several memory corruptions in the TextXtra module.
Severity: 3/4.
Identifiers: BID-50586, CVE-2011-2449.

Computer vulnerabilities tracking service

Vigil@nce provides applications vulnerabilities alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.



















Copyright 1999-2012 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française