Shockwave Update Corrects Five Buffer Overflows

Summary:

  • This vulnerability affects: Adobe Shockwave Player 11.6.7.637 and earlier, running on Windows and Macintosh computers
  • How an attacker exploits it: By enticing your users into visiting a website containing a malicious Shockwave content
  • Impact: An attacker can execute code on your computer, potentially gaining control of it
  • What to do: If you allow the use of Shockwave in your network, you should download and deploy the latest version (11.6.8.638) of Adobe Shockwave Player as soon as possible.

Exposure:

Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on hundreds of millions of PCs.

In a security bulletin released this week, Adobe warned of six vulnerabilities that affect Adobe Shockwave Player 11.6.7.637 for Windows and Macintosh (as well as all earlier versions). Adobe’s bulletin doesn’t describe the flaws in much technical detail, though it does say that five of them are buffer overflow vulnerabilities, and the last is another memory related flaw. All six of the security flaws have the same impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit any of these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PC.

If you use Adobe Shockwave in your network, we recommend you download and deploy the latest version at your earliest convenience.

Solution Path

Adobe has released Shockwave Player version 11.6.8.638 to fix these security flaws. If you use Adobe Shockwave in your network, we recommend you download and deploy the updated player as soon as possible. You can get it from the link below.

For All WatchGuard Users:

If you choose, you can configure the HTTP proxy on your XTM appliance to block Shockwave content. Keep in mind, doing so blocks all Shockwave content, whether legitimate or malicious.

Our proxies offer many ways for you to block files and content, including by file extension,  MIME type, or by using very specific hexidecimal patterns found in the body of a message – a technique sometimes referred to as Magic Byte detection. Below I list the various ways you can identify Shockwave files:

File Extension:

  • .swf –  Adobe Shockwave files

MIME types:

  • application/x-shockwave-flash
  • application/x-shockwave-flash2-preview
  • application/futuresplash
  • image/vnd.rn-realflash

FILExt.com reported Magic Byte Pattern:

  • Hex: 46 57 53

(We believe this pattern is too short, thus prone to false positives. We don’t recommend you use it) 

If you decide you want to block Shockwave files, the links below contain instructions that will help you configure your Firebox proxy’s content blocking features using the file and MIME information listed above.

Status:

Adobe has released a Shockwave Player update to fix these vulnerabilities.

References:

About Corey Nachreiner

Corey Nachreiner has been with WatchGuard since 1999 and has since written more than a thousand concise security alerts and easily-understood educational articles for WatchGuard users. His security training videos have generated hundreds of letters of praise from thankful customers and accumulated more than 100,000 views on YouTube and Google Video. A Certified Information Systems Security Professional (CISSP), Corey speaks internationally and is often quoted by other online sources, including C|NET, eWeek, and Slashdot. Corey enjoys "modding" any technical gizmo he can get his hands on, and considers himself a hacker in the old sense of the word.

5 Responses to “Shockwave Update Corrects Five Buffer Overflows”

  1. Nice answers inn return of this matter with solid arguments and telling
    the whole thing about that.

Trackbacks/Pingbacks

  1. WatchGuard Security Week in Review: Episode 39 – RDP Hostages | WatchGuard Security Center - October 26, 2012

    [...] Adobe releases Shockwave Player update - WGSC [...]

  2. Shockwave Update Corrects Five Buffer Overflows « microreksa - October 28, 2012

    [...] Shockwave Update Corrects Five Buffer Overflows [...]

  3. WatchGuard Security Week in Review: Episode 39 – RDP Hostages « microreksa - October 28, 2012

    [...] Adobe releases Shockwave Player update - WGSC [...]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 7,386 other followers

%d bloggers like this: