Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2010 Greenbone Networks GmbHOPENVAS:801335
HistoryMay 19, 2010 - 12:00 a.m.

Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities May-10

2010-05-1900:00:00
Copyright (C) 2010 Greenbone Networks GmbH
plugins.openvas.org
9

0.428 Medium

EPSS

Percentile

97.0%

JSON

This host is installed with Adobe Shockwave Player and is prone
to multiple remote code execution vulnerabilities.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_adobe_shockwave_player_mult_code_exe_vuln_may10.nasl 5263 2017-02-10 13:45:51Z teissa $
#
# Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities May-10
#
# Authors:
# Antu Sanadi <[email protected]>
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation will allow attacker to execute arbitrary code in
  the context of the affected application by tricking a user into visiting a
  specially crafted web page.
  Impact Level: Application.";
tag_affected = "Adobe Shockwave Player prior to 11.5.7.609 on Windows.";
tag_insight = "Multiple flaws are caused by memory corruption errors, integer and buffer
  overflows, array indexing, and signedness errors when processing malformed
  'Shockwave' or 'Director' files, which could be exploited by attackers to
  execute arbitrary code by tricking a user into visiting a specially crafted
  web page.";
tag_solution = "Upgrade to Adobe Shockwave Player 11.5.7.609
  http://get.adobe.com/shockwave/otherversions/";
tag_summary = "This host is installed with Adobe Shockwave Player and is prone
  to multiple remote code execution vulnerabilities.";

if(description)
{
  script_id(801335);
  script_version("$Revision: 5263 $");
  script_tag(name:"last_modification", value:"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $");
  script_tag(name:"creation_date", value:"2010-05-19 14:50:39 +0200 (Wed, 19 May 2010)");
  script_cve_id("CVE-2010-0127", "CVE-2010-0128", "CVE-2010-0129", "CVE-2010-0130",
                "CVE-2010-1280", "CVE-2010-1281", "CVE-2010-1282", "CVE-2010-1283",
                "CVE-2010-1284", "CVE-2010-1286", "CVE-2010-1287", "CVE-2010-1288",
                "CVE-2010-1289", "CVE-2010-1290", "CVE-2010-1291", "CVE-2010-1292",
                "CVE-2010-0987", "CVE-2010-0986");
  script_bugtraq_id(40083, 40076, 40082, 40084, 40081, 40078, 40077, 40088, 40091,
                    40085, 40089, 40096, 40094, 40087, 40090, 40079, 40093, 40086);
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_name("Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities May-10");
  script_xref(name : "URL" , value : "http://secunia.com/advisories/38751");
  script_xref(name : "URL" , value : "http://www.zeroscience.mk/codes/shockwave_mem.txt");
  script_xref(name : "URL" , value : "http://www.vupen.com/english/advisories/2010/1128");
  script_xref(name : "URL" , value : "http://www.adobe.com/support/security/bulletins/apsb10-12.html");
  script_xref(name : "URL" , value : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php");
  script_xref(name : "URL" , value : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html");

  script_tag(name:"qod_type", value:"registry");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
  script_family("General");
  script_dependencies("secpod_adobe_shockwave_player_detect.nasl");
  script_require_keys("Adobe/ShockwavePlayer/Ver");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  exit(0);
}


include("version_func.inc");

shockVer = get_kb_item("Adobe/ShockwavePlayer/Ver");
if(!shockVer){
  exit(0);
}

# Check for versions prior to 11.5.7.609
if(version_is_less(version:shockVer, test_version:"11.5.7.609")){
  security_message(0);
}

Related

checkpoint_advisories 3
securityvulns 20
nessus 2
openvas 1
prion 18
cve 18
seebug 4
packetstorm 1
exploitpack 1
zeroscience 1
zdi 3
coresecurity 1
exploitdb 1
checkpoint_advisories
checkpoint_advisories
Adobe Director Files (CVE-2010-0127; CVE-2010-0128; CVE-2010-0129; CVE-2010-0130; CVE-2010-0986; CVE-2010-0987; CVE-2010-1280; CVE-2010-1281; CVE-2010-1282; CVE-2010-1283; CVE-2010-1284; CVE-2010-1286; CVE-2010-1287; CVE-2010-1288; CVE-2010-1289; CVE-2010-1290; CVE-2010-1291; CVE-2010-1292)
2010-05-17 00:00:00
Adobe Shockwave Player DIR Files PAMI Chunk Code Execution (APSB10-12; CVE-2010-1292)
2010-05-23 00:00:00
Update Protection against Adobe Shockwave Player DIR Files PAMI Chunk Code Execution Vulnerability (APSB10-12)
2010-05-26 00:00:00
securityvulns
securityvulns
Security update available for Shockwave Player
2010-05-12 00:00:00
Adobe Shockwave multiple security vulnerabilities
2010-05-21 00:00:00
VUPEN Security Research - Adobe Shockwave 3D Two Remote Code Execution Vulnerabilities &#40;CVE-2010-1284&#41;
2010-05-13 00:00:00
nessus
nessus
Shockwave Player < 11.5.7.609 Multiple Vulnerabilities (APSB10-12)
2010-05-12 00:00:00
Adobe Shockwave Player <= 11.5.6.606 Multiple Vulnerabilities (APSB10-12) (Mac OS X)
2014-12-22 00:00:00
openvas
openvas
Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities (May 2010)
2010-05-19 00:00:00
prion
prion
Memory corruption
2010-05-13 21:30:00
Memory corruption
2010-05-13 21:30:00
Memory corruption
2010-05-13 21:30:00
cve
cve
CVE-2010-1289
2010-05-13 21:30:00
CVE-2010-1286
2010-05-13 21:30:00
CVE-2010-1291
2010-05-13 21:30:00
seebug
seebug
Adobe Shockwave Player Director文件分析ATOM size无限循环漏洞
2010-05-12 00:00:00
Adobe Shockwave Player Director文件分析RCSL指针覆盖漏洞
2010-05-12 00:00:00
Adobe Shockwave Player 11.5.6.606 (DIR) Multiple Memory Vulnerabilities
2010-05-12 00:00:00
packetstorm
packetstorm
Adobe Shockwave Player 11.5.6.606 Memory Corruption
2010-05-12 00:00:00
exploitpack
exploitpack
Adobe Shockwave Player 11.5.6.606 - DIR Multiple Memory Vulnerabilities
2010-05-12 00:00:00
zeroscience
zeroscience
Adobe Shockwave Player 11.5.6.606 (DIR) Multiple Memory Vulnerabilities
2010-05-11 00:00:00
zdi
zdi
Adobe Shockwave Invalid Offset Memory Corruption Remote Code Execution Vulnerability
2010-05-11 00:00:00
Adobe Shockwave Player 0xFFFFFF49 Record Parsing Remote Code Execution Vulnerability
2010-05-11 00:00:00
Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability
2010-05-11 00:00:00
coresecurity
coresecurity
Adobe Director DIRAPI.DLL Memory Corruption Vulnerability
2010-05-11 00:00:00
exploitdb
exploitdb
Adobe Shockwave Player 11.5.6.606 - &#039;DIR&#039; Multiple Memory Vulnerabilities
2010-05-12 00:00:00

0.428 Medium

EPSS

Percentile

97.0%

JSON
Related for OPENVAS:801335
checkpoint_advisories3securityvulns20nessus2openvas1prion18cve18seebug4packetstorm1exploitpack1zeroscience1zdi3coresecurity1exploitdb1