|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
Adobe Shockwave Player: several vulnerabilities
Synthesis of the vulnerability
Several Adobe Shockwave Player vulnerabilities can be used by an attacker to execute code or to create a denial of service.
Vulnerable software: Shockwave Player.
Severity of this announce: 4/4.
Consequences of an intrusion: user access/rights.
Attacker's origin: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 10/04/2013.
Références of this computer vulnerability: APSB13-12, BID-58971, BID-58980, BID-58982, BID-58983, BID-58984, CERTA-2013-AVI-236, CVE-2013-1383, CVE-2013-1384, CVE-2013-1385, CVE-2013-1386, FGA-2013-14, VIGILANCE-VUL-12643.
Description of the vulnerability
Several Adobe Shockwave Player vulnerabilities were announced.
An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-58984, CVE-2013-1383]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-58982, CVE-2013-1384, FGA-2013-14]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-58980, CVE-2013-1386]
An attacker can obtain information on the memory structure, in order to bypass ASLR. [severity:1/4; BID-58983, CVE-2013-1385]
An attacker can therefore invite the victim to display a malicious Shockwave object, in order to execute code on his computer.
Full Vigil@nce bulletin... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides a system vulnerability workaround. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The technology watch team tracks security threats targeting the computer system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.