Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.803093
Category:General
Title:Adobe Shockwave Player Multiple Vulnerabilities Jan-2013 (Mac OS X)
Summary:This host is installed with Adobe Shockwave Player and is prone; to multiple vulnerabilities.
Description:Summary:
This host is installed with Adobe Shockwave Player and is prone
to multiple vulnerabilities.

Vulnerability Insight:
- An error in Xtras allows attackers to trigger installation of
arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL.

- An error exists when handling a specially crafted HTML document that calls
Shockwave content via a compatibility parameter forcing application to
downgrade to the insecure version.

Vulnerability Impact:
Successful exploitation will allow an attacker to execute
arbitrary code by tricking a user into visiting a specially crafted document.

Affected Software/OS:
Adobe Shockwave Player Versions 11.6.8.638 and prior on
Mac OS X

Solution:
No known solution was made available for at least one year since the disclosure of this vulnerability.
Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the
product or replace the product by another one.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 56975
BugTraq ID: 56972
Common Vulnerability Exposure (CVE) ID: CVE-2012-6270
CERT/CC vulnerability note: VU#323161
http://www.kb.cert.org/vuls/id/323161
CERT/CC vulnerability note: VU#546769
http://www.kb.cert.org/vuls/id/546769
Common Vulnerability Exposure (CVE) ID: CVE-2012-6271
CERT/CC vulnerability note: VU#519137
http://www.kb.cert.org/vuls/id/519137
CopyrightCopyright (c) 2013 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.