Shockwave Player <= 220.127.116.117 Multiple Vulnerabilities (APSB12-23)
High Nessus Plugin ID 62702
SynopsisThe remote Windows host contains a web browser plugin that is affected by multiple vulnerabilities.
DescriptionThe remote Windows host contains a version of Adobe's Shockwave Player that is equal to or earlier than 18.104.22.1687 and is, therefore, potentially affected by the following vulnerabilities :
- Several unspecified errors exist that can lead to buffer overflow vulnerabilities and possible code execution. (CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, CVE-2012-5273)
- An array out-of-bounds error exists that can lead to code execution. (CVE-2012-4176)
A remote attacker could exploit these issues by tricking a user into viewing a malicious Shockwave file, resulting in arbitrary code execution.
SolutionUpgrade to Adobe Shockwave Player 22.214.171.1248 or later.