Adobe Shockwave Player <= DLL Hijacking (APSB17-08)

High Nessus Plugin ID 97835


The remote Windows host contains a web browser plugin that is affected by a DLL hijacking vulnerability.


The remote Windows host contains a version of Adobe Shockwave Player that is prior or equal to It is, therefore, affected by a DLL hijacking vulnerability when loading certain dynamic link library (DLL) files due to searching an insecure path that may not be trusted or under user control. An unauthenticated, remote attacker can exploit this issue to execute arbitrary code, with the privileges of the user running the program, by placing a specially crafted file in the path and convincing the user to open a supported file type (e.g., located on a remote WebDAV share).


Upgrade to Adobe Shockwave Player version or later.

See Also

Plugin Details

Severity: High

ID: 97835

File Name: shockwave_player_apsb17-08.nasl

Version: $Revision: 1.4 $

Type: local

Agent: windows

Family: Windows

Published: 2017/03/20

Modified: 2017/06/29

Dependencies: 39564

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


Base Score: 8.8

Temporal Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:adobe:shockwave_player

Required KB Items: SMB/shockwave_player

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/03/14

Vulnerability Publication Date: 2017/03/14

Reference Information

CVE: CVE-2017-2983

BID: 96863

OSVDB: 153611