Adobe Shockwave Player <= 126.96.36.1993 Multiple Code Execution Vulnerabilities (APSB12-02) (Mac OS X)
High Nessus Plugin ID 80179
SynopsisThe remote Mac OS X host contains a web browser plugin that is affected by multiple vulnerabilities.
DescriptionThe remote Mac OS X host contains a version of Adobe Shockwave Player that is 188.8.131.523 or earlier. It is, therefore, affected by multiple code execution vulnerabilities.
- Multiple memory corruption issues exist related to the Shockwave 3D Asset that allow code execution.
(CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766)
- An unspecified heap-based buffer overflow exists that allows code execution. (CVE-2012-0758)
- An unspecified memory corruption vulnerability exists that allows to code execution. (CVE-2012-0759)
A remote attacker can exploit these issues by tricking a user into viewing a malicious Shockwave file, resulting in arbitrary code execution.
SolutionUpgrade to Adobe Shockwave 184.108.40.2064 or later.