CVE-2012-6270

2012-12-2012:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2012-6270

adobe shockwave player

remote attackers

installation trigger

compatibility feature

crafted html document

6.3 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

74.6%

JSON

Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of a Shockwave Player 10.4.0.025 compatibility feature via a crafted HTML document that references Shockwave content with a certain compatibility parameter, related to a “downgrading” attack.

CPENameOperatorVersion
adobe:shockwave_playeradobe shockwave playereq8.5.324
adobe:shockwave_playeradobe shockwave playereq5.0
adobe:shockwave_playeradobe shockwave playereq4.0
adobe:shockwave_playeradobe shockwave playereq11.6.5.635
adobe:shockwave_playeradobe shockwave playereq8.5.1
adobe:shockwave_playeradobe shockwave playereq10.1.4.020
adobe:shockwave_playeradobe shockwave playereq11.5.9.615
adobe:shockwave_playeradobe shockwave playereq11.6.0.626
adobe:shockwave_playeradobe shockwave playereq11.5.1.601
adobe:shockwave_playeradobe shockwave playereq11.0.0.456

CPE	Name	Operator	Version
adobe:shockwave_player	adobe shockwave player	eq	8.5.324
adobe:shockwave_player	adobe shockwave player	eq	5.0
adobe:shockwave_player	adobe shockwave player	eq	4.0
adobe:shockwave_player	adobe shockwave player	eq	11.6.5.635
adobe:shockwave_player	adobe shockwave player	eq	8.5.1
adobe:shockwave_player	adobe shockwave player	eq	10.1.4.020
adobe:shockwave_player	adobe shockwave player	eq	11.5.9.615
adobe:shockwave_player	adobe shockwave player	eq	11.6.0.626
adobe:shockwave_player	adobe shockwave player	eq	11.5.1.601
adobe:shockwave_player	adobe shockwave player	eq	11.0.0.456