HTTP: Adobe Shockwave Player rcsL Chunk Parsing Out of Bounds Array Indexing
A code execution vulnerability has been reported in Adobe Shockwave Player. The vulnerability is due to an error while parsing crafted data in an rcsL RIFF chunk of a DIR file. An attacker can exploit this vulnerability by enticing a user to process a malicious file, which can result in remote code execution under the security context of the current user.
Extended Description
Adobe Shockwave Player is prone to multiple memory corruption vulnerabilities. Attackers can exploit these issues to crash the affected application and execute arbitrary code within the context of the affected application. Versions prior to Adobe Shockwave Player 11.6.4.634 are vulnerable.
Affected Products
Adobe shockwave_player
Short Name
HTTP:STC:ADOBE:SHOCKWAVE-OOB
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Adobe Array Bounds CVE-2012-2031 Chunk Indexing Out Parsing Player Shockwave bid:53420 of rcsL
Release Date
06/20/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Adobe
CVSS Score
10.0