Detections
Analytics
Shockwave Player <= 11.6.4.634 Multiple Memory Corruption Vulnerabilities (APSB12-13)
high Nessus Plugin ID 59047
Language:
Synopsis
The remote Windows host contains a web browser plugin that is affected by multiple memory corruption vulnerabilities.Description
The remote Windows host contains a version of Adobe's Shockwave Player that is 11.6.4.634 or earlier. As such, it is potentially affected by multiple unspecified memory corruption vulnerabilities.A remote attacker could exploit these issues by tricking a user into viewing a malicious Shockwave file, resulting in arbitrary code execution.
Solution
Upgrade to Adobe Shockwave Player 11.6.5.635 or later.See Also
http://seclists.org/fulldisclosure/2012/May/71
http://seclists.org/fulldisclosure/2012/May/72
http://seclists.org/fulldisclosure/2012/May/73
http://www.adobe.com/support/security/bulletins/apsb12-13.html
Plugin Details
Severity: High
ID: 59047
File Name: shockwave_player_apsb12-13.nasl
Version: 1.8
Type: local
Agent: windows
Family: Windows
Published: 5/9/2012
Updated: 7/27/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:adobe:shockwave_player
Required KB Items: SMB/shockwave_player
Exploit Ease: No known exploits are available
Patch Publication Date: 5/8/2012
Vulnerability Publication Date: 5/8/2012
Reference Information
CVE: CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, CVE-2012-2032, CVE-2012-2033
BID: 53420