Lucene search
Copyright (C) 2010 Greenbone AGOPENVAS:1361412562310801631HistoryNov 12, 2010 - 12:00 a.m.
Adobe Shockwave Player Use-After-Free Vulnerability
2010-11-1200:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
15
6.5 Medium
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.054 Low
EPSS
Percentile
93.0%
Adobe Shockwave Player is prone to a use after free vulnerability.
# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.801631");
script_version("2023-07-28T16:09:07+0000");
script_tag(name:"last_modification", value:"2023-07-28 16:09:07 +0000 (Fri, 28 Jul 2023)");
script_tag(name:"creation_date", value:"2010-11-12 15:34:28 +0100 (Fri, 12 Nov 2010)");
script_cve_id("CVE-2010-4092");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_name("Adobe Shockwave Player Use-After-Free Vulnerability");
script_xref(name:"URL", value:"http://secunia.com/advisories/42112");
script_tag(name:"qod_type", value:"registry");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2010 Greenbone AG");
script_family("General");
script_dependencies("secpod_adobe_shockwave_player_detect.nasl");
script_mandatory_keys("Adobe/ShockwavePlayer/Ver");
script_tag(name:"impact", value:"Successful exploitation will let the user-assisted remote
attackers to execute arbitrary code via a crafted web site related to the
Shockwave Settings window and an unloaded library.");
script_tag(name:"affected", value:"Adobe Shockwave Player Version 11.5.9.615 on Windows.");
script_tag(name:"insight", value:"The flaw is due to a use-after-free error in an automatically
installed compatibility component.");
script_tag(name:"solution", value:"Upgrade to Adobe Shockwave Player Version 11.5.9.620.");
script_tag(name:"summary", value:"Adobe Shockwave Player is prone to a use after free vulnerability.");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("version_func.inc");
shockVer = get_kb_item("Adobe/ShockwavePlayer/Ver");
if(!shockVer){
exit(0);
}
if(version_is_less_equal(version:shockVer, test_version:"11.5.9.615")){
report = report_fixed_ver(installed_version:shockVer, vulnerable_range:"Less or equal to 11.5.9.615");
security_message(port: 0, data: report);
}
References
Related
prion
prion
Design/Logic Flaw
2010-11-05 21:00:00
openvas
openvas
Adobe Shockwave Player Use-After-Free Vulnerability
2010-11-12 00:00:00
cve
cve
CVE-2010-4092
2010-11-05 21:00:00
securityvulns
securityvulns
Adobe Shockwave Player multiple security vulnerabilities
2011-02-14 00:00:00
Security update available for Shockwave Player
2011-02-11 00:00:00
nessus
nessus
Adobe Shockwave Player <= 11.5.9.615 (APSB11-01) (Mac OS X)
2014-12-22 00:00:00
Shockwave Player < 11.5.9.620 (APSB11-01)
2011-02-10 00:00:00
6.5 Medium
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.054 Low
EPSS
Percentile
93.0%
Related for OPENVAS:1361412562310801631