Skip to main content

Adobe Shockwave Player Multiple Vulnerabilities

Last Update Date: 21 Dec 2012 17:19 Release Date: 21 Dec 2012 4792 Views

RISK: High Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in Adobe Shockwave Player. which can be exploited by remote user to compromise a vulnerable system.

  1. A remote user can create specially crafted Shockwave content that specifies an older version (10.x) of Shockwave and, when loaded by the target user, will exploit a flaw in the older version and execute arbitrary code on the target system. The code will run with the privileges of the target user.
  2. The software includes Flash version 10.2.159.1, which contains vulnerabilities. A remote user can create specially crafted Shockwave content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
  3. A remote user can create specially crafted Shockwave content that, when loaded by the target user, will download an 'Xtra' that contains vulnerabilities and exploit those to execute arbitrary code on the target system. The code will run with the privileges of the target user.