Hillstone Networks

RULE（RULE ID：711169）

Rule General Information


Release Date:		2017-05-26

Rule Name:		FILE-OTHER Adobe Shockwave Player Director File FFFFFF88 Record Parsing Remote Code Execution Vulnerability (CVE-2010-4192)

Severity:

CVE ID:

Rule Protection Details


Description:		Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted 3D Assets 0xFFFFFF88 type record that triggers an incorrect memory allocation.

Impact:		An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software.

Affected OS:		Windows, Other Unix, FreeBSD, Linux

Reference:		AdobeSecurityBulletins:apsb11-01 SecurityFocusBID:46326 SecurityTrackerID:1025056

Solutions

Adobe has issued a fix on the official website. For more advisory, please visit http://www.adobe.com/support/security/bulletins/apsb11-01.html