-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2011-0009 Title: Multiple vulnerabilities on Adobe Shockwave Player Version history: 09.11.2011 Initial publication Summary ======= Adobe Shockwave Player is prone to several memory corruption vulnerabilities [1] leading to arbitrary code execution. CVE-2011-2446, CVE-2011-2447, CVE-2011-2448, CVE-2011-2449 Potential impact ================ The attackers may exploit this vulnerability to execute arbitrary code in the context of the applicaiton account (browser). The attack may also lead to denial of the service. Note that the attack can be performed remotely and be triggered by browsing to a maliicous website or making the user clicking on a link (eg, via email). The Vendor has assessed this patch as critical. CVSS Version 2 Scores CVSS2 Base 6.8 CVSS2 Temporal 5 CVSS2 Base Vector AV:N/AC:M/Au:N/C:P/I:P/A:P CVSS2 Temporal VectorE:U/RL:OF/RC:C Access Vector: Remotely exploitable; Access Complexity: Medium; Authentication: Not required; Impact Type: Allows unauthorized disclosure and modification of information and service disruption; Exploitability: No exploit code is available; Remediation Level: Official Fix available; Report Confidence: The vulnerability has been acknowledged by the vendor; Vulnerable Systems - ------------------ Shockwave Player 11.6.1.629 and earlier versions for Windows and Macintosh What can you do? ================ Solution - -------- A fix has been released by the Vendor [1]. Work-arounds: - ------------ Deploy network intrusion detection systems to monitor network traffic for malicious activity. Also monitor network traffic for signs of anomalous or suspicious activity, including requests that include NOP sleds and unexplained incoming and outgoing traffic as these may be indications of exploit attempts or activity that results from successful exploits. Implement multiple redundant layers of security. Enable the memory-protection schemes if supported by the operating system (such as nonexecutable and randomly mapped memory segments). This may hinder an attacker's ability to exploit this vulnerability to execute arbitrary code. Configure your system to run all applicaiton as a non-privileged user and with minimal access rights required. What to tell your users? ======================== Normal security best practices apply. Especially, inform your users to be aware not to click on the link in suspicious emails; to immediately forward the email to the respective IT security officer / contact in your institution. More information ================ [1] http://www.adobe.com/support/security/bulletins/apsb11-27.html Best regards, - -- CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 -----BEGIN PGP SIGNATURE----- Version: BCPG v1.39 iQJXBAEBAgBBBQJOupS9OhxDRVJUIGZvciB0aGUgRXVyb3BlYW4gSW5zdGl0dXRp b25zIDxjZXJ0LWV1QGVjLmV1cm9wYS5ldT4ACgkQJ6QGykasQ4O3Hg//YYuMzyjY HV2l2ffPxp9DLAAsKMcHlFP06Jo0UCm7+Q4g8C10SjTjvYD4loDBIXhs55U8n680 TqsGqyib4uw8xO4ddD6lGt5o9cmO8aSuLb6ol81taDTdKdkvOdeBehtOyOkP1Pz3 uZieRCHgdvcDChLhZvWWW8wY5lnuW66A+ai+WE752I7BAKGMnb2Xt9g4J2NLWNPg RAboCCmIG1bYwBoXHm+jw1P3O7CNH31q5CBBiceyKwBHnxjAhdDPbJBznMmWXRdH h71zNH9TywBv+KqIC5jBtQYMoc5gW4kKT/wgqnWDoxnDuDCS+bfxE46IarxGPk7l AQ0KDfD5q8YTfwKOaOcDpigzLKonJUHOcAwxKvjtzFLv2XltJmvm0S1WLYefg64t kd72m+y3o1Z5e4IR+cs2GK9gGo4Ot6qGbe+c/wPRT9369vl12HwwvpYcefhVpb2L 2T/LTQaBZabLZpKmdQsNIoqNo1PDBeiP456mYWRjxZV3fhx0BB6Ja0M5odxeTlxY AT8GyoYb1IgTkTlFcCU07pOPCbtr/rXnicDBGNN+kHBud4fVY2npd2UFDzohKL6q DNsLIr2k+pkl3PkvO4Y+Dr/y8skoeEommgtRn4W4O9CyOQ/Aj58wPT3YyhH90F+7 vqekkZBNCVfXVqC1RrhqBHDgJlE9C0FZ16s= =5Wxq -----END PGP SIGNATURE-----