Summary
The host is installed with Adobe Audition and is prone to multiple buffer overflow vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service via crafted data in unspecified fields in the TRKM chunk in an Audition Session file.
Impact Level: Application
Solution
Upgrade to version CS5.5 or higher,
For updates refer to http://www.adobe.com/products/audition.html
Insight
The flaw is due to an error when handling '.SES' (session) format file, which results in memory corruption, application crash or possibly execute arbitrary code.
Affected
Adobe Audition version 3.0.1 and earlier on Windows
References
Severity
Classification
-
CVE CVE-2011-0614, CVE-2011-0615 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Shockwave Player ActiveX Control BOF Vulnerability
- Apple iTunes 'itms:' URI Stack Buffer Overflow Vulnerability
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Mac OS X)
- A-V Tronics InetServ POP3 Denial Of Service Vulnerability
- Adobe Reader Multimeda Doc.media.newPlayer Code Execution Vulnerability (Linux)