The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Adobe Shockwave Player: several vulnerabilities

Synthesis of the vulnerability 

Several Adobe Shockwave Player vulnerabilities can be used by an attacker to execute code or to create a denial of service.
Vulnerable software: Shockwave Player.
Severity of this announce: 4/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 10/04/2013.
Références of this computer vulnerability: APSB13-12, BID-58971, BID-58980, BID-58982, BID-58983, BID-58984, CERTA-2013-AVI-236, CVE-2013-1383, CVE-2013-1384, CVE-2013-1385, CVE-2013-1386, FGA-2013-14, VIGILANCE-VUL-12643.

Description of the vulnerability 

Several Adobe Shockwave Player vulnerabilities were announced.

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-58984, CVE-2013-1383]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-58982, CVE-2013-1384, FGA-2013-14]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-58980, CVE-2013-1386]

An attacker can obtain information on the memory structure, in order to bypass ASLR. [severity:1/4; BID-58983, CVE-2013-1385]

An attacker can therefore invite the victim to display a malicious Shockwave object, in order to execute code on his computer.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer weakness announce impacts software or systems such as Shockwave Player.

Our Vigil@nce team determined that the severity of this security alert is critical.

The trust level is of type confirmed by the editor, with an origin of document.

This bulletin is about 4 vulnerabilities.

An attacker with a expert ability can exploit this vulnerability.

Solutions for this threat 

Adobe Shockwave Player: version 12.0.2.122.
The version 12.0.2.122 is fixed:
  http://get.adobe.com/shockwave/
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a system vulnerability note. The Vigil@nce vulnerability database contains several thousand vulnerabilities.