Adobe Shockwave Player
Vulnerability: Multiple vulnerabilities in Adobe Shockwave Player
Severity level: High
Patch existence: Yes
Quantity of vulnerabilities: 6
Impact: System compromise
Vulnerable products: Adobe Shockwave Player 11.x
Vulnerable versions: Adobe Shockwave Player 11.6.7.637 and earlier versions for Windows and Mac.
CVE ID: CVE-2012-4172
CVE-2012-4173
CVE-2012-4174
CVE-2012-4175
CVE-2012-4176
CVE-2012-5273
Description:
The found vulnerabilities allow the removed user to execute any code on target system.
1. Vulnerability exists because of an unknown mistake. The removed user can cause overflow of the buffer and compromise target system.
2. Vulnerability exists because of an unknown mistake. The removed user can cause overflow of the buffer and compromise target system.
3. Vulnerability exists because of an unknown mistake. The removed user can cause overflow of the buffer and compromise target system.
4. Vulnerability exists because of an unknown mistake. The removed user can cause overflow of the buffer and compromise target system.
5. Vulnerability exists because of an unknown mistake. The removed user can cause overflow of the buffer and compromise target system.
6. Vulnerability exists because of an unknown mistake. The removed user can cause damage of memory and compromise target system.
Manufacturer: Adobe Systems Inc.
Solution: Establish the last version 11.6.8.638 from a site of the producer.
Links:
http://www.adobe.com/support/security/bulletins/apsb12-23.html
http://www.kb.cert.org/vuls/id/872545
