Adobe Shockwave Player <= 12.2.8.198 Memory Corruption RCE (APSB17-18)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a web browser plugin that is affected
by a remote code execution vulnerability.

Description :

The version of Adobe Shockwave Player installed on the remote host is
equal or prior to 12.2.8.198. It is, therefore, affected by an
unspecified memory corruption issue due to improper validation of
user-supplied input. An unauthenticated, remote attacker can exploit
this to cause a denial of service condition or the execution of
arbitrary code.

See also :

https://helpx.adobe.com/security/products/shockwave/apsb17-18.html

Solution :

Upgrade to Adobe Shockwave Player version 12.2.9.199 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 100806 ()

Bugtraq ID: 99019

CVE ID: CVE-2017-3086

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now