Adobe Shockwave Player <= 11.5.7.609 (APSB10-20) (Mac OS X)

critical Nessus Plugin ID 80173

Synopsis

The remote Mac OS X host contains a web browser plugin that is affected by multiple vulnerabilities.

Description

The remote Mac OS X host contains a version of Adobe Shockwave Player that is 11.5.7.609 or earlier. It is, therefore, affected by multiple vulnerabilities :

- Multiple memory corruption issues exist that allow arbitrary code execution. (CVE-2010-2863, CVE-2010-2864, CVE-2010-2866, CVE-2010-2869, CVE-2010-2870, CVE-2010-2871, CVE-2010-2872, CVE-2010-2873, CVE-2010-2873, CVE-2010-2874, CVE-2010-2875, CVE-2010-2876, CVE-2010-2877, CVE-2010-2878, CVE-2010-2880, CVE-2010-2881, CVE-2010-2882)

- A pointer offset vulnerability exists that allows code execution. (CVE-2010-2867)

- Multiple unspecified denial of service issues exist.
(CVE-2010-2865, CVE-2010-2868)

- An integer overflow vulnerability exists that allows to code execution. (CVE-2010-2879)

Solution

Upgrade to Adobe Shockwave 11.5.8.612 or later.

See Also

http://www.adobe.com/support/security/bulletins/apsb10-20.html

Plugin Details

Severity: Critical

ID: 80173

File Name: macosx_shockwave_player_apsb10-20.nasl

Version: 1.5

Type: local

Agent: macosx

Published: 12/22/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2010-2863

Vulnerability Information

CPE: cpe:/a:adobe:shockwave_player

Required KB Items: installed_sw/Shockwave Player, Host/MacOSX/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/24/2010

Vulnerability Publication Date: 8/24/2010

Exploitable With

Core Impact

Reference Information

CVE: CVE-2010-2863, CVE-2010-2864, CVE-2010-2865, CVE-2010-2866, CVE-2010-2867, CVE-2010-2868, CVE-2010-2869, CVE-2010-2870, CVE-2010-2871, CVE-2010-2872, CVE-2010-2873, CVE-2010-2874, CVE-2010-2875, CVE-2010-2876, CVE-2010-2877, CVE-2010-2878, CVE-2010-2879, CVE-2010-2880, CVE-2010-2881, CVE-2010-2882

BID: 42664, 42665, 42666, 42667, 42668, 42669, 42670, 42671, 42672, 42673, 42674, 42675, 42676, 42677, 42678, 42679, 42680, 42682, 42683, 42684