Release date: 2011-12-14
Updated on: 2011-12-14
Affected Systems:
Adobe Shockwave Player 11.x
Unaffected Systems:
Adobe Shockwave Player 11.6.0.626
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 48309
CVE ID: CVE-2011-2126
Adobe Shockwave Player is a plug-in for playing web pages created with Director Shockwave Studio.
A buffer overflow vulnerability exists in the way Adobe Shockwave Player processes maliciously constructed FLST records, specifically when it copies record data into a fixed heap buffer. Attackers can exploit this vulnerability to crash the affected application and execute arbitrary code in the affected application.
<* Source: Luigi Auriemma (aluigi@pivx.com)
Link: http://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=961
http://www.adobe.com/support/security/bulletins/apsb11-17.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Adobe
-----
Adobe has released a security bulletin (APSB11-17) and patches for this issue:
APSB11-17: Security update available for Adobe Shockwave Player
Link: http://www.adobe.com/support/security/bulletins/apsb11-17.html