CVE-2011-2113

Name of the Vulnerable Software and Affected Versions Adobe Shockwave Player versions prior to 11.6.0.626

Description The issue is related to multiple buffer overflows in the Shockwave3DAsset component. This allows attackers to execute arbitrary code via unspecified vectors. There are reports of remote code execution vulnerabilities in the iml32.dll, specifically in the DEMX chunk substructure count and the DEMX chunk 0xFFFFFF49 field.

Recommendations For Adobe Shockwave Player versions prior to 11.6.0.626, update to version 11.6.0.626 or later to resolve the issue. As a temporary workaround, consider disabling the Shockwave3DAsset component until a patch is available. Restrict access to the iml32.dll file to minimize the risk of exploitation. Avoid using the DEMX chunk in the affected API endpoints until the issue is resolved.