Adobe Shockwave Player Multiple Vulnerabilities

Last Update Date: 21 Dec 2012 17:19 Release Date: 21 Dec 2012 4128 Views

RISK: High Risk

High Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in Adobe Shockwave Player. which can be exploited by remote user to compromise a vulnerable system.

  1. A remote user can create specially crafted Shockwave content that specifies an older version (10.x) of Shockwave and, when loaded by the target user, will exploit a flaw in the older version and execute arbitrary code on the target system. The code will run with the privileges of the target user.
  2. The software includes Flash version 10.2.159.1, which contains vulnerabilities. A remote user can create specially crafted Shockwave content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
  3. A remote user can create specially crafted Shockwave content that, when loaded by the target user, will download an 'Xtra' that contains vulnerabilities and exploit those to execute arbitrary code on the target system. The code will run with the privileges of the target user.

Impact

  • Remote Code Execution

System / Technologies affected

  •  Adobe Shockwave Player 11.x

Solutions

  • Note: Vendor patch is currently unavailable.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Nagios history.cgi "get_history()" Buffer Overflow Vulnerability

20 Dec 2012 5494 Views

Next

IBM InfoSphere Streams Java Multiple Vulnerabilities

21 Dec 2012 4095 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY