Shockwave Player < 11.5.8.612

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a web browser plugin that is
affected by multiple vulnerabilities.

Description :

The remote Windows host contains a version of Adobe's Shockwave Player
that is earlier than 11.5.8.612. Such versions are potentially
affected by the following issues :

- Multiple memory corruption issues exist that could lead
to arbitrary code execution. (CVE-2010-2863,
CVE-2010-2864, CVE-2010-2866, CVE-2010-2869,
CVE-2010-2870, CVE-2010-2871, CVE-2010-2872,
CVE-2010-2873, CVE-2010-2873, CVE-2010-2874,
CVE-2010-2875, CVE-2010-2876, CVE-2010-2877,
CVE-2010-2878, CVE-2010-2880, CVE-2010-2881,
CVE-2010-2882)

- A pointer offset vulnerability exists that could lead to
code execution. (CVE-2010-2867)

- Multiple unspecified denial of service issues exist.
(CVE-2010-2865, CVE-2010-2868)

- An integer overflow vulnerability exists that could lead
to lead to code execution. (CVE-2010-2879)

See also :

http://www.adobe.com/support/security/bulletins/apsb10-20.html

Solution :

Upgrade to Adobe Shockwave 11.5.8.612 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true