Adobe Shockwave contains a memory corruption vulnerability when handling crafted Shockwave movie files. Successful exploitation could allow execution of arbitrary code.
Adobe Shockwave player 184.108.40.2062 and prior on Windows and Macintosh
Remote Code Execution
Remote Code Execution under current user's privileges This client-side vulnerability may be exploited by an attacker by tricking the user into viewing a malicious website. Once successfully exploited, the attacker gains the ability to remotely execute arbitrary code with the same permissions as the user that is currently logged in. If the user is an administrator, the attacker could install malicious software and further compromise the system.
BeyondTrust Prevention and Detection:
- BeyondTrust's Blink® Professional Edition protects from this vulnerability.
- BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- Retina Audit ID 13700 - Adobe Shockwave Player Multiple Vulnerabilities (20101029) - Core Player
- Retina Audit ID 13701 - Adobe Shockwave Player Multiple Vulnerabilities (20101029) - IE Plugin
- Retina Audit ID 13702 - Adobe Shockwave Player Multiple Vulnerabilities (20101029) - Mozilla Plugin
- Retina Audit ID 13703 - Adobe Shockwave Player Multiple Vulnerabilities (20101029) - Mac OS X
Upgrade Shockwave Player and/or appropriate browser plugins to version 220.127.116.115 or newer. This resolves the publicly disclosed zero-day vulnerability as well as other vulnerabilities.