Adobe Shockwave Player Multiple Vulnerabilities
Last Update Date:
21 Dec 2012 17:19
Release Date:
21 Dec 2012
4792
Views
RISK: High Risk
TYPE: Clients - Audio & Video
Multiple vulnerabilities have been identified in Adobe Shockwave Player. which can be exploited by remote user to compromise a vulnerable system.
- A remote user can create specially crafted Shockwave content that specifies an older version (10.x) of Shockwave and, when loaded by the target user, will exploit a flaw in the older version and execute arbitrary code on the target system. The code will run with the privileges of the target user.
- The software includes Flash version 10.2.159.1, which contains vulnerabilities. A remote user can create specially crafted Shockwave content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
- A remote user can create specially crafted Shockwave content that, when loaded by the target user, will download an 'Xtra' that contains vulnerabilities and exploit those to execute arbitrary code on the target system. The code will run with the privileges of the target user.
Impact
- Remote Code Execution
System / Technologies affected
- Adobe Shockwave Player 11.x
Solutions
- Note: Vendor patch is currently unavailable.
Vulnerability Identifier
Source
Related Link
Share with