HTTP: Adobe Shockwave tSAC Chunk Invalid Seek Memory Corruption
This signature detects attempts to exploit a known code execution vulnerability in Adobe Shockwave. It is due to a signedness error while parsing tSAC chunks in Adobe Director fields. The vulnerable code does not properly validate an offset value provided in the chunk data before using it to calculate a memory address. Remote attackers can exploit this by enticing target users to open a malicious DIR file using a vulnerable version of the product. A successful attack can result in arbitrary code execution in the security context of the logged in user. In an unsuccessful attack, the affected application can terminate abnormally.
Extended Description
Adobe Shockwave Player is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed attacks may cause a denial-of-service condition. Adobe Shockwave Player 11.5.7.609 and prior are vulnerable. NOTE: This issue was previously covered in BID 42657 (Adobe Shockwave Player APSB10-20 Multiple Remote Vulnerabilities) but has been given its own record to better document it.
Affected Products
Adobe shockwave_player
Short Name
HTTP:STC:SWF:SWAVE-TSAC-CHUNK
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Adobe CVE-2010-2875 Chunk Corruption Invalid Memory Seek Shockwave bid:42668 tSAC
Release Date
10/26/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Adobe
CVSS Score
9.3