Adobe Shockwave Player <= 11.5.7.609 (APSB10-20) (Mac OS X)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host contains a web browser plugin that is
affected by multiple vulnerabilities.

Description :

The remote Mac OS X host contains a version of Adobe Shockwave Player
that is 11.5.7.609 or earlier. It is, therefore, affected by multiple
vulnerabilities :

- Multiple memory corruption issues exist that allow
arbitrary code execution. (CVE-2010-2863,
CVE-2010-2864, CVE-2010-2866, CVE-2010-2869,
CVE-2010-2870, CVE-2010-2871, CVE-2010-2872,
CVE-2010-2873, CVE-2010-2873, CVE-2010-2874,
CVE-2010-2875, CVE-2010-2876, CVE-2010-2877,
CVE-2010-2878, CVE-2010-2880, CVE-2010-2881,
CVE-2010-2882)

- A pointer offset vulnerability exists that allows code
execution. (CVE-2010-2867)

- Multiple unspecified denial of service issues exist.
(CVE-2010-2865, CVE-2010-2868)

- An integer overflow vulnerability exists that allows
to code execution. (CVE-2010-2879)

See also :

http://www.adobe.com/support/security/bulletins/apsb10-20.html

Solution :

Upgrade to Adobe Shockwave 11.5.8.612 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true