| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <201106142316.p5ENGmQI030048@sf01web2.securityfocus.com> Date: Tue, 14 Jun 2011 23:16:48 GMT From: signaladvisory@...il.com To: bugtraq@...urityfocus.com Subject: [BGA - SignalSEC Advisory]:Adobe Shockwave Player Remote Code Execution Affected Vendors: Adobe Affected Products: Shockwave Player CVE ID: CVE-2011-2122 Risk Level: High Vulnerability: Memory Corruption Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to trigger this vulnerability in that the target must visit a malicious page or open a malicious file. A memory corruption vulnerability in the Dirapi.dll component that could lead to code execution. By crafting specific values within rcsL substructures an attacker can corrupt memory. Disclosure Timeline: 2011-02-14 - Vulnerability reported to vendor 2011-06-14 - Coordinated public release of advisory Vendor Response: Adobe has released a patch for this issue. More details can be found at: http://www.adobe.com/support/security/bulletins/apsb11-17.html Credit: This vulnerability was discovered by Celil UNUVER from BGA and SignalSEC About BGA: BGA InfoSec Academy is a company located in Turkey which provides information security trainings, penetration testing , malware analysis and software security audit services. www.bga.com.tr --- About SignalSEC: SignalSEC is a company located in Turkey which provides vulnerability , cyber threat intelligence and research services. www.signalsec.com
Powered by blists - more mailing lists