Vulnerability Details : CVE-2011-0556
The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PFR1 chunk that leads to an unexpected sign extension and an invalid pointer dereference, a different vulnerability than CVE-2011-0569.
Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service
Products affected by CVE-2011-0556
- cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0556
2.52%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0556
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2011-0556
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0556
-
http://www.securityfocus.com/bid/46328
Adobe Shockwave Player 'Xtra.x32' Module Memory Corruption Remote Code Execution Vulnerability
-
http://www.securityfocus.com/archive/1/516336/100/0/threaded
SecurityFocus
-
http://www.vupen.com/english/advisories/2011/0335
Webmail | OVH- OVHVendor Advisory
-
http://www.adobe.com/support/security/bulletins/apsb11-01.html
Adobe - Security Bulletins: APSB11-01 - Security update available for Shockwave PlayerPatch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/65258
Adobe Shockwave Player Font Xtra.x32 code execution CVE-2011-0556 Vulnerability Report
-
http://www.securitytracker.com/id?1025056
Adobe Shockwave Player Has Multiple Flaws That Let Remote Users Execute Arbitrary Code - SecurityTracker
-
http://dvlabs.tippingpoint.com/advisory/TPTI-11-03
Threat Intelligence | Digital Vaccine® | ThreatLinQ | Trend Micro
Jump to