Adobe Shockwave Player <= Memory Corruption RCE (APSB17-18)

High Nessus Plugin ID 100806


The remote Windows host contains a web browser plugin that is affected by a remote code execution vulnerability.


The version of Adobe Shockwave Player installed on the remote host is equal or prior to It is, therefore, affected by an unspecified memory corruption issue due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.


Upgrade to Adobe Shockwave Player version or later.

See Also

Plugin Details

Severity: High

ID: 100806

File Name: shockwave_player_apsb17-18.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2017/06/15

Modified: 2017/11/16

Dependencies: 39564

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:shockwave_player

Required KB Items: SMB/shockwave_player

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2017/06/13

Vulnerability Publication Date: 2017/06/13

Reference Information

CVE: CVE-2017-3086

BID: 99019

OSVDB: 158885