Lucene search

[email protected]CVE-2012-6271

HistoryDec 20, 2012 - 12:02 p.m.

CVE-2012-6271

2012-12-2012:02:20

[email protected]

web.nvd.nist.gov

cve-2012-6271

adobe shockwave player

remote attackers

arbitrary signed xtras

vulnerability

nvd

6.8 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

77.0%

JSON

Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an outdated Xtra.

Affected configurations

NVD

Node

adobeshockwave_playerRange≤11.6.8.638

adobeshockwave_playerMatch1.0

adobeshockwave_playerMatch2.0

adobeshockwave_playerMatch3.0

adobeshockwave_playerMatch4.0

adobeshockwave_playerMatch5.0

adobeshockwave_playerMatch6.0

adobeshockwave_playerMatch8.0

adobeshockwave_playerMatch8.0.196

adobeshockwave_playerMatch8.0.196a

adobeshockwave_playerMatch8.0.204

adobeshockwave_playerMatch8.0.205

adobeshockwave_playerMatch8.5.1

adobeshockwave_playerMatch8.5.1.100

adobeshockwave_playerMatch8.5.1.103

adobeshockwave_playerMatch8.5.1.105

adobeshockwave_playerMatch8.5.1.106

adobeshockwave_playerMatch8.5.321

adobeshockwave_playerMatch8.5.323

adobeshockwave_playerMatch8.5.324

adobeshockwave_playerMatch8.5.325

adobeshockwave_playerMatch9.0.383

adobeshockwave_playerMatch9.0.432

adobeshockwave_playerMatch10.0.0.210

adobeshockwave_playerMatch10.0.1.004

adobeshockwave_playerMatch10.1.0.11

adobeshockwave_playerMatch10.1.0.011

adobeshockwave_playerMatch10.1.1.016

adobeshockwave_playerMatch10.1.4.020

adobeshockwave_playerMatch10.2.0.021

adobeshockwave_playerMatch10.2.0.022

adobeshockwave_playerMatch10.2.0.023

adobeshockwave_playerMatch11.0.0.456

adobeshockwave_playerMatch11.0.3.471

adobeshockwave_playerMatch11.5.0.595

adobeshockwave_playerMatch11.5.0.596

adobeshockwave_playerMatch11.5.1.601

adobeshockwave_playerMatch11.5.2.602

adobeshockwave_playerMatch11.5.6.606

adobeshockwave_playerMatch11.5.7.609

adobeshockwave_playerMatch11.5.8.612

adobeshockwave_playerMatch11.5.9.615

adobeshockwave_playerMatch11.5.9.620

adobeshockwave_playerMatch11.5.10.620

adobeshockwave_playerMatch11.6.0.626

adobeshockwave_playerMatch11.6.1.629

adobeshockwave_playerMatch11.6.3.633

adobeshockwave_playerMatch11.6.4.634

adobeshockwave_playerMatch11.6.5.635

adobeshockwave_playerMatch11.6.6.636

adobeshockwave_playerMatch11.6.7.637

CPENameOperatorVersion
adobe:shockwave_playeradobe shockwave playerle11.6.8.638
adobe:shockwave_playeradobe shockwave playereq1.0
adobe:shockwave_playeradobe shockwave playereq2.0
adobe:shockwave_playeradobe shockwave playereq3.0
adobe:shockwave_playeradobe shockwave playereq4.0
adobe:shockwave_playeradobe shockwave playereq5.0
adobe:shockwave_playeradobe shockwave playereq6.0
adobe:shockwave_playeradobe shockwave playereq8.0
adobe:shockwave_playeradobe shockwave playereq8.0.196
adobe:shockwave_playeradobe shockwave playereq8.0.196a

CPE	Name	Operator	Version
adobe:shockwave_player	adobe shockwave player	le	11.6.8.638
adobe:shockwave_player	adobe shockwave player	eq	1.0
adobe:shockwave_player	adobe shockwave player	eq	2.0
adobe:shockwave_player	adobe shockwave player	eq	3.0
adobe:shockwave_player	adobe shockwave player	eq	4.0
adobe:shockwave_player	adobe shockwave player	eq	5.0
adobe:shockwave_player	adobe shockwave player	eq	6.0
adobe:shockwave_player	adobe shockwave player	eq	8.0
adobe:shockwave_player	adobe shockwave player	eq	8.0.196
adobe:shockwave_player	adobe shockwave player	eq	8.0.196a