Shockwave Player <= 220.127.116.113 Multiple Code Execution Vulnerabilities (APSB12-02)
High Nessus Plugin ID 57941
SynopsisThe remote Windows host contains a web browser plugin that is affected by multiple vulnerabilities.
DescriptionThe remote Windows host contains a version of Adobe's Shockwave Player that is 18.104.22.1683 or earlier. As such, it is potentially affected by multiple code execution vulnerabilities.
- Multiple memory corruption issues exist related to the Shockwave 3D Asset that could lead to code execution.
(CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766)
- An unspecified heap-based buffer overflow exists that could lead to code execution. (CVE-2012-0758)
- An unspecified memory corruption vulnerability exists that could lead to code execution. (CVE-2012-0759)
A remote attacker could exploit these issues by tricking a user into viewing a malicious Shockwave file, resulting in arbitrary code execution.
SolutionUpgrade to Adobe Shockwave 22.214.171.1244 or later.