[BGA - SignalSEC Advisory]:Adobe Shockwave Player Remote Code Execution
From: signaladvisory () gmail com
Date: Tue, 14 Jun 2011 23:16:48 GMT
Affected Vendors: Adobe
Affected Products: Shockwave Player
CVE ID: CVE-2011-2122
Risk Level: High
Vulnerability: Memory Corruption
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave
Player. User interaction is required to trigger this vulnerability in that the target must visit a malicious page or
open a malicious file.
A memory corruption vulnerability exists in the Dirapi.dll component that could lead to code execution. By crafting
specific values within rcsL substructures, an attacker can corrupt memory.
2011-02-14 - Vulnerability reported to vendor
2011-06-14 - Coordinated public release of advisory
Adobe has released a patch for this issue. More details can be found at:
This vulnerability was discovered by Celil UNUVER from BGA and SignalSEC
BGA InfoSec Academy is a company located in Turkey which provides information security training, penetration testing,
malware analysis and software security audit services.
SignalSEC is a company located in Turkey which provides vulnerability, cyber threat intelligence and research services.