Critical Adobe Shockwave Player Remote Code Execution Vulnerability
( Adobe Security Advisory APSA10-04, CVE-2010-3653 )
Summary
A critical memory corruption vulnerability has been identified in Adobe Shockwave Player. An remote attacker can exploit this issue via a specially crafted DIR file and potentially take complete control of the affected system.
Details
Adobe Shockwave Player is a multimedia application that allows animated content created in Adobe Director to viewed in a web browser that has the Shockwave plug-in installed.
The vulnerability is due to an error in Adobe Shockwave Player's dirapi.dll module while parsing a value from an rcsL RIFF chunk record in specially crafted Director files. A remote attacker can exploit this issue by enticing a user to open a malicious DIR file. Successful exploitation of this vulnerability leads to memory corruption, which could cause the Player program to crash. An attacker could then execute malicious code on the affected system and take complete control of it.
Affected Products
This vulnerability exists in Adobe Shockwave Player 11.5.8.612 and earlier versions for Windows and Macintosh.
Solution
Check Point recommends that affected systems be patched as soon as Adobe releases a fix. In the meantime, the Check Point R70/71 IPS Software Blade provides immediate protection of unpatched systems by detecting malformed Adobe DIR files and blocking their transfer over HTTP. For more information, see CPAI-2010-299.
Originally Published:
Last Updated: 27-Oct-2010