Adobe Shockwave Player <= 184.108.40.206 DLL Hijacking (APSB17-08)
High Nessus Plugin ID 97835
SynopsisThe remote Windows host contains a web browser plugin that is affected by a DLL hijacking vulnerability.
DescriptionThe remote Windows host contains a version of Adobe Shockwave Player that is prior or equal to 220.127.116.11. It is, therefore, affected by a DLL hijacking vulnerability when loading certain dynamic link library (DLL) files due to searching an insecure path that may not be trusted or under user control. An unauthenticated, remote attacker can exploit this issue to execute arbitrary code, with the privileges of the user running the program, by placing a specially crafted file in the path and convincing the user to open a supported file type (e.g., located on a remote WebDAV share).
SolutionUpgrade to Adobe Shockwave Player version 18.104.22.168 or later.