Shockwave Player < Multiple Vulnerabilities (APSB09-11)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains an Internet Explorer plugin which
uses a vulnerable version of the Microsoft Active Template Library

Description :

The remote Windows host contains a version of Adobe's Shockwave Player
that is earlier than Such versions were compiled against a
version of Microsoft's Active Template Library (ATL) that contained a
vulnerability. If an attacker can trick a user of the affected
software into opening such a file, this issue could be leveraged to
execute arbitrary code with the privileges of that user.

See also :

Solution :

Uninstall the Internet Explorer version of Shockwave Player version and earlier, restart the system, and then install version or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 40421 ()

Bugtraq ID: 35845

CVE ID: CVE-2009-0901

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now