Detections
Analytics

Shockwave Player < 11.5.8.612

high Nessus Plugin ID 48436

Language:

Synopsis

The remote Windows host contains a web browser plugin that is affected by multiple vulnerabilities.

Description

The remote Windows host contains a version of Adobe's Shockwave Player that is earlier than 11.5.8.612. Such versions are potentially affected by the following issues :

 - Multiple memory corruption issues exist that could lead to arbitrary code execution. (CVE-2010-2863, CVE-2010-2864, CVE-2010-2866, CVE-2010-2869, CVE-2010-2870, CVE-2010-2871, CVE-2010-2872, CVE-2010-2873, CVE-2010-2873, CVE-2010-2874, CVE-2010-2875, CVE-2010-2876, CVE-2010-2877, CVE-2010-2878, CVE-2010-2880, CVE-2010-2881, CVE-2010-2882)

 - A pointer offset vulnerability exists that could lead to code execution. (CVE-2010-2867)

 - Multiple unspecified denial of service issues exist. (CVE-2010-2865, CVE-2010-2868)

 - An integer overflow vulnerability exists that could lead to lead to code execution. (CVE-2010-2879)

Solution

Upgrade to Adobe Shockwave 11.5.8.612 or later.

See Also

http://www.adobe.com/support/security/bulletins/apsb10-20.html

Plugin Details

Severity: High

ID: 48436

File Name: shockwave_player_apsb10-20.nasl

Version: 1.10

Type: local

Agent: windows

Family: Windows

Published: 8/25/2010

Updated: 7/27/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:adobe:shockwave_player

Required KB Items: SMB/shockwave_player

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/24/2010

Vulnerability Publication Date: 8/24/2010

Exploitable With

Core Impact

Reference Information

CVE: CVE-2010-2863, CVE-2010-2864, CVE-2010-2865, CVE-2010-2866, CVE-2010-2867, CVE-2010-2868, CVE-2010-2869, CVE-2010-2870, CVE-2010-2871, CVE-2010-2872, CVE-2010-2873, CVE-2010-2874, CVE-2010-2875, CVE-2010-2876, CVE-2010-2877, CVE-2010-2878, CVE-2010-2879, CVE-2010-2880, CVE-2010-2881, CVE-2010-2882

BID: 42664, 42665, 42666, 42667, 42668, 42669, 42670, 42671, 42672, 42673, 42674, 42675, 42676, 42677, 42678, 42679, 42680, 42682, 42683, 42684

Secunia: 41065