The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability bulletin CVE-2013-1383 CVE-2013-1384 CVE-2013-1385

Adobe Shockwave Player: several vulnerabilities

Synthesis of the vulnerability

Several Adobe Shockwave Player vulnerabilities can be used by an attacker to execute code or to create a denial of service.
Vulnerable software: Shockwave Player.
Severity of this announce: 4/4.
Consequences of an intrusion: user access/rights.
Attacker's origin: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 10/04/2013.
Références of this computer vulnerability: APSB13-12, BID-58971, BID-58980, BID-58982, BID-58983, BID-58984, CERTA-2013-AVI-236, CVE-2013-1383, CVE-2013-1384, CVE-2013-1385, CVE-2013-1386, FGA-2013-14, VIGILANCE-VUL-12643.

Description of the vulnerability

Several Adobe Shockwave Player vulnerabilities were announced.

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-58984, CVE-2013-1383]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-58982, CVE-2013-1384, FGA-2013-14]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-58980, CVE-2013-1386]

An attacker can obtain information on the memory structure, in order to bypass ASLR. [severity:1/4; BID-58983, CVE-2013-1385]

An attacker can therefore invite the victim to display a malicious Shockwave object, in order to execute code on his computer.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a system vulnerability workaround. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The technology watch team tracks security threats targeting the computer system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.