HTTP: Adobe Shockwave Flash Player Memory Disclosure

This signature detects an attempt to exploit a memory disclosure vulnerability against Adobe Shockwave Player. Successful exploitation could allow an attacker to craft a malicious dir file and launch further attacks into the context of the running application.

Extended Description

Adobe Shockwave Player before 12.0.2.122 does not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.

Affected Products

Adobe shockwave_player

References

CVE: CVE-2013-1385

Short Name
HTTP:STC:SWF:MEM-DISC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Adobe CVE-2013-1385 Disclosure Flash Memory Player Shockwave
Release Date
01/21/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Adobe

CVSS Score

10.0

Found a potential security threat?