Adobe Shockwave Player 'dirapi.dll' Stack Overflow Vulnerability

  Severity: CRITICAL
  Advisory Date: JUL 21, 2015

  DESCRIPTION

Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code via unspecified vectors.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1004517
  Trend Micro Deep Security DPI Rule Name: 1004517 - Adobe Shockwave Player 'dirapi.dll' Stack Overflow Vulnerability

  AFFECTED SOFTWARE AND VERSION

  • Adobe Shockwave Player 10.0.0.210
  • Adobe Shockwave Player 1.0
  • Adobe Shockwave Player 10.0.1.004
  • Adobe Shockwave Player 10.1.0.011
  • Adobe Shockwave Player 10.1.0.11
  • Adobe Shockwave Player 10.1.1.016
  • Adobe Shockwave Player 10.1.4.020
  • Adobe Shockwave Player 10.2.0.021
  • Adobe Shockwave Player 10.2.0.022
  • Adobe Shockwave Player 10.2.0.023
  • Adobe Shockwave Player 11.0.0.456
  • Adobe Shockwave Player 11.0.3.471
  • Adobe Shockwave Player 11.5.0.595
  • Adobe Shockwave Player 11.5.0.596
  • Adobe Shockwave Player 11.5.1.601
  • Adobe Shockwave Player 11.5.2.602
  • Adobe Shockwave Player 11.5.6.606
  • Adobe Shockwave Player 11.5.7.609
  • Adobe Shockwave Player 11.5.8.612
  • Adobe Shockwave Player 2.0
  • Adobe Shockwave Player 3.0
  • Adobe Shockwave Player 4.0
  • Adobe Shockwave Player 5.0
  • Adobe Shockwave Player 6.0
  • Adobe Shockwave Player 8.0
  • Adobe Shockwave Player 8.0.196
  • Adobe Shockwave Player 8.0.196a
  • Adobe Shockwave Player 8.0.204
  • Adobe Shockwave Player 8.0.205
  • Adobe Shockwave Player 8.5.1
  • Adobe Shockwave Player 8.5.1.100
  • Adobe Shockwave Player 8.5.1.103
  • Adobe Shockwave Player 8.5.1.105
  • Adobe Shockwave Player 8.5.1.106
  • Adobe Shockwave Player 8.5.321
  • Adobe Shockwave Player 8.5.323
  • Adobe Shockwave Player 8.5.324
  • Adobe Shockwave Player 8.5.325
  • Adobe Shockwave Player 9
  • Adobe Shockwave Player 9.0.383
  • Adobe Shockwave Player 9.0.432