This update addresses critical vulnerabilities in Adobe Shockwave Player 11.6.3.633 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to Adobe Shockwave Player 11.6.4.634 using the instructions provided below.
AFFECTED SOFTWARE VERSIONS
Shockwave Player 11.6.3.633 and earlier versions for Windows and Macintosh
SOLUTION
Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to the newest version 11.6.4.634, available here: http://get.adobe.com/shockwave/.
SEVERITY RATING
Adobe categorizes this as a critical update and recommends that users apply the latest update for their product installation by following the instructions in the "Solution" section above.
DETAILS
This update addresses critical vulnerabilities in Adobe Shockwave Player 11.6.3.633 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to Adobe Shockwave Player 11.6.4.634 using the instructions provided above.
This update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0757).
This update resolves a heap overflow vulnerability that could lead to code execution (CVE-2012-0758).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2012-0759).
This update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0760).
This update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0761).
This update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0762).
This update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0763).
This update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0764).
This update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0766).
ACKNOWLEDGMENTS
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
Honggang Ren of Fortinet's FortiGuard Labs (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766)
instruder of Code Audit Labs of vulnhunt.com (CVE-2012-0758, CVE-2012-0759)
{"id": "SECURITYVULNS:DOC:27687", "bulletinFamily": "software", "title": "Security update available for Adobe Shockwave Player", "description": "Security update available for Adobe Shockwave Player\r\n\r\nRelease date: February 14, 2012\r\n\r\nVulnerability identifier: APSB12-02\r\n\r\nCVE number: CVE-2012-0757, CVE-2012-0758, CVE-2012-0759, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766\r\n\r\nPlatform: Windows and Macintosh\r\n\r\nSUMMARY\r\n\r\nThis update addresses critical vulnerabilities in Adobe Shockwave Player 11.6.3.633 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to Adobe Shockwave Player 11.6.4.634 using the instructions provided below.\r\n\r\nAFFECTED SOFTWARE VERSIONS\r\n\r\nShockwave Player 11.6.3.633 and earlier versions for Windows and Macintosh\r\n\r\nSOLUTION\r\n\r\nAdobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to the newest version 11.6.4.634, available here: http://get.adobe.com/shockwave/.\r\n\r\nSEVERITY RATING\r\n\r\nAdobe categorizes this as a critical update and recommends that users apply the latest update for their product installation by following the instructions in the "Solution" section above.\r\n\r\nDETAILS\r\n\r\nThis update addresses critical vulnerabilities in Adobe Shockwave Player 11.6.3.633 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to Adobe Shockwave Player 11.6.4.634 using the instructions provided above.\r\n\r\nThis update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0757).\r\n\r\nThis update resolves a heap overflow vulnerability that could lead to code execution (CVE-2012-0758).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2012-0759).\r\n\r\nThis update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0760).\r\n\r\nThis update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0761).\r\n\r\nThis update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0762).\r\n\r\nThis update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0763).\r\n\r\nThis update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0764).\r\n\r\nThis update resolves a memory corruption vulnerability in the Shockwave 3D Asset that could lead to code execution (CVE-2012-0766).\r\n\r\nACKNOWLEDGMENTS\r\n\r\nAdobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:\r\n\r\nHonggang Ren of Fortinet's FortiGuard Labs (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766)\r\ninstruder of Code Audit Labs of vulnhunt.com (CVE-2012-0758, CVE-2012-0759)", "published": "2012-02-16T00:00:00", "modified": "2012-02-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27687", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:43", "edition": 1, "viewCount": 18, "enchantments": {"score": {"value": 8.8, "vector": "NONE", "modified": "2018-08-31T11:10:43", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["SHOCKWAVE_PLAYER_APSB12-02.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "OPENSUSE-2013-17.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12208", "SECURITYVULNS:VULN:12207", "SECURITYVULNS:DOC:27689", "SECURITYVULNS:DOC:27690"]}, {"type": "seebug", "idList": ["SSV:30122"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310802803", "OPENVAS:1361412562310802398", "OPENVAS:802804", "OPENVAS:802803", "OPENVAS:1361412562310802804", "OPENVAS:802399", "OPENVAS:1361412562310802805", "OPENVAS:802805", "OPENVAS:802398", "OPENVAS:1361412562310802399"]}, {"type": "cve", "idList": ["CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0758", "CVE-2012-0766", "CVE-2012-0757", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0763"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2013:0131-1", "OPENSUSE-SU-2013:0149-1"]}], "modified": "2018-08-31T11:10:43", "rev": 2}, "vulnersScore": 8.8}, "affectedSoftware": [], "immutableFields": []}
{"securityvulns": [{"lastseen": "2021-06-08T19:12:17", "bulletinFamily": "software", "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "description": "Buffer overflow, multiple memory corruptions.", "edition": 2, "modified": "2012-02-16T00:00:00", "published": "2012-02-16T00:00:00", "id": "SECURITYVULNS:VULN:12207", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12207", "title": "Adobe Shockwave Player multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:43", "bulletinFamily": "software", "cvelist": ["CVE-2012-0759"], "description": "[CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory \r\ncorruption vulnerability\r\n\r\n\r\nDiscover: instruder of code audit labs of vulnhunt.com\r\nCAL: CAL-2011-0055\r\nCVE: CVE-2012-0759\r\n\r\nhttp://blog.vulnhunt.com/index.php/2012/02/15/cal-2011-0055_adobe-shockwave-player-parsing-block_cout-memory-corruption-vulnerability/\r\n\r\nadobe security bulletins\r\nhttp://www.adobe.com/support/security/bulletins/apsb12-02.html\r\n\r\n\r\n1 Affected Products\r\n=================\r\nTest Version:\r\nAdobe Shockeave Player 11.6.3.633\r\nAdobe Shockwave Player 11.6.1.629\r\nand prior\r\n\r\n2 Vulnerability Details\r\n=====================\r\n\r\nWhen adobe shockwave player parsing the field of KEY_ATOM of Director File,\r\nit don't have proper check,this will lead the key atom pointer overwrite.\r\nSuccessfully exploited this vulnerability will lead to arbitrary code \r\nexecution.\r\n\r\n\r\n3 Exploitable?\r\n============\r\nThis vulnerability will lead the key atom pointer overwrite\r\nSuccessfully exploited this vulnerability will lead to arbitrary code \r\nexecution.\r\n\r\n\r\n\r\n4 About Code Audit Labs:\r\n=====================\r\nCode Audit Labs secure your software,provide Professional include source\r\ncode audit and binary code audit service.\r\nCode Audit Labs:" You create value for customer,We protect your value"\r\nhttp://www.VulnHunt.com\r\nhttp://blog.vulnhunt.com\r\nhttp://t.qq.com/vulnhunt\r\nhttp://weibo.com/vulnhunt\r\n\r\n", "edition": 1, "modified": "2012-02-16T00:00:00", "published": "2012-02-16T00:00:00", "id": "SECURITYVULNS:DOC:27689", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27689", "title": "[CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:43", "bulletinFamily": "software", "cvelist": ["CVE-2012-0758"], "description": "[CAL-2011-0071]Adobe Shockwave Player Parsing cupt atom heap overflow\r\n\r\n\r\nDiscover: instruder of code audit labs of vulnhunt.com\r\nCAL: CAL-2011-0071\r\nCVE: CVE-2012-0758\r\n\r\nhttp://blog.vulnhunt.com/index.php/2012/02/15/cal-2011-0071_adobe-shockwave-player-parsing-cupt-atom-heap-overflow/\r\n\r\nadobe security bulletins\r\nhttp://www.adobe.com/support/security/bulletins/apsb12-02.html\r\n\r\n\r\n1 Affected Products\r\n=================\r\nadobe shockwave 11.6.3.633\r\nadobe Shockwave 11.6.1.629 and prior\r\n\r\n\r\n2 Vulnerability Details\r\n=====================\r\nWhen adobe shockwave player parsing a dir type file,\r\nit takes a dword from the dir file,and then take some\r\nComputing this computing will leding to Integer overflow,\r\nallocate a small memory,this Cause a heap overflow.\r\n\r\n\r\n3 Analysis\r\n=========\r\nasm in dirapi.dll 11.6.1.629\r\n\r\ntext:6809FC7A push esi\r\ntext:6809FC7B push edi\r\ntext:6809FC7C push ebp\r\ntext:6809FC7D call IML32_1414_get_a_dword //get a \r\ndword form dir file\r\ntext:6809FC82 mov esi, eax //if eax=66666680 \r\nsome like this,after esi+esi*4 Will cause a heap overflow\r\ntext:6809FC84 lea eax, [esi+esi*4] // Integrated \r\n overflow\r\ntext:6809FC87 push 1\r\ntext:6809FC89 lea ecx, ds:24h[eax*8]\r\ntext:6809FC90 push ecx\r\ntext:6809FC91 call IML32_1111 ; \r\ntext:6809FC96 push eax\r\ntext:6809FC97 mov [esp+14h+arg_4], eax\r\ntext:6809FC9B call IML32_1114 //allocate memory \r\ntext:6809FCA0 mov edi, eax\r\ntext:6809FCA2 test edi, edi\r\ntext:6809FCA4 jz short loc_6809FD03\r\ntext:6809FCA6 mov [edi+1Ch], esi\r\ntext:6809FCA9 test esi, esi\r\ntext:6809FCAB jbe short loc_6809FCCB\r\ntext:6809FCAD lea esi, [edi+28h]\r\ntext:6809FCB0\r\ntext:6809FCB0 loc_6809FCB0: ; CODE XREF: \r\nsub_6809FC60+69\u0019j\r\ntext:6809FCB0 push ebp\r\ntext:6809FCB1 call IML32_1414_get_a_dword ////write \r\nthe dword to the heap\r\ntext:6809FCB6 push 20h\r\ntext:6809FCB8 push esi\r\ntext:6809FCB9 push ebp\r\ntext:6809FCBA mov [esi-4], eax\r\ntext:6809FCBD call IML32_1409\r\ntext:6809FCC2 inc ebx\r\ntext:6809FCC3 add esi, 28h ////heap buffer overflow\r\ntext:6809FCC6 cmp ebx, [edi+1Ch]\r\ntext:6809FCC9 jb short loc_6809FCB0 //Cycle\r\n\r\n\r\n\r\nc code like\r\n==================\r\n\r\n v6 = v4 + 40;\r\n do\r\n {\r\n *(_DWORD *)(v6 - 4) = IML32_1414_get_a_dword(v3);\r\n v4 = IML32_1409();\r\n ++v2;\r\n v6 += 40;\r\n }\r\n while ( v2 < *(_DWORD *)(v5 + 0x1C) );\r\n\r\n\r\n\r\n\r\n4 Exploitable?\r\n============\r\nSuccessfully exploited this vulnerability could lead to arbitrary code \r\nexecution.\r\n\r\n\r\n5 Crash info:\r\n===============\r\neax=00000000 ebx=00002a63 ecx=07916058 edx=08980028 esi=07981008 \r\nedi=07917068\r\neip=0754fd5a esp=09e9ef28 ebp=08250bd8 iopl=0 nv up ei pl zr na \r\npe nc\r\ncs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 \r\nefl=00210246\r\n*** ERROR: Module load completed but symbols could not be loaded for \r\nC:\WINDOWS\system32\Adobe\Shockwave 11\DIRAPI.dll\r\nDIRAPI+0x9fd5a:\r\n0754fd5a 8946fc mov dword ptr [esi-4],eax \r\nds:0023:07981004=????????0:028> 0:023> kb\r\nChildEBP RetAddr Args to Child\r\nWARNING: Stack unwind information not available. Following frames may be \r\nwrong.\r\n09e9ef40 0755028c 07894154 08250bb0 07894154 DIRAPI+0x9fd5a\r\n00000000 00000000 00000000 00000000 00000000 DIRAPI+0xa028cPOC\r\n\r\n\r\n6 About Code Audit Labs:\r\n=====================\r\nCode Audit Labs secure your software,provide Professional include source\r\ncode audit and binary code audit service.\r\nCode Audit Labs:" You create value for customer,We protect your value"\r\nhttp://www.VulnHunt.com\r\nhttp://blog.vulnhunt.com\r\nhttp://t.qq.com/vulnhunt\r\nhttp://weibo.com/vulnhunt\r\n", "edition": 1, "modified": "2012-02-16T00:00:00", "published": "2012-02-16T00:00:00", "id": "SECURITYVULNS:DOC:27690", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27690", "title": "[CAL-2011-0071]Adobe Shockwave Player Parsing cupt atom heap overflow", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:56:57", "bulletinFamily": "software", "cvelist": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0751", "CVE-2012-0755"], "description": "Memory corruptions, protection bypass, crossite scripting.", "edition": 2, "modified": "2012-06-13T00:00:00", "published": "2012-06-13T00:00:00", "id": "SECURITYVULNS:VULN:12208", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12208", "title": "Adobe Flash Player multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-07-02T03:40:22", "description": "The remote Windows host contains a version of Adobe's Shockwave\nPlayer that is 11.6.3.633 or earlier. As such, it is potentially\naffected by multiple code execution vulnerabilities. \n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that could lead to code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n could lead to code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that could lead to code execution. (CVE-2012-0759)\n\nA remote attacker could exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.", "edition": 30, "published": "2012-02-14T00:00:00", "title": "Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "modified": "2021-07-02T00:00:00", "cpe": ["cpe:/a:adobe:shockwave_player"], "id": "SHOCKWAVE_PLAYER_APSB12-02.NASL", "href": "https://www.tenable.com/plugins/nessus/57941", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57941);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_bugtraq_id(\n 51999,\n 52000,\n 52001,\n 52002,\n 52003,\n 52004,\n 52005,\n 52006,\n 52007\n );\n script_cve_id(\n \"CVE-2012-0757\",\n \"CVE-2012-0758\",\n \"CVE-2012-0759\",\n \"CVE-2012-0760\",\n \"CVE-2012-0761\",\n \"CVE-2012-0762\",\n \"CVE-2012-0763\",\n \"CVE-2012-0764\",\n \"CVE-2012-0766\"\n );\n\n script_name(english:\"Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02)\");\n script_summary(english:\"Checks version of Shockwave Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe's Shockwave\nPlayer that is 11.6.3.633 or earlier. As such, it is potentially\naffected by multiple code execution vulnerabilities. \n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that could lead to code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n could lead to code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that could lead to code execution. (CVE-2012-0759)\n\nA remote attacker could exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Shockwave 11.6.4.634 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_apsb09_08.nasl\");\n script_require_keys(\"SMB/shockwave_player\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item(\"SMB/transport\");\ninstalls = get_kb_list_or_exit(\"SMB/shockwave_player/*/path\");\n\ninfo = NULL;\npattern = \"SMB/shockwave_player/([^/]+)/([^/]+)/path\";\n\nforeach install (keys(installs))\n{\n match = eregmatch(string:install, pattern:pattern);\n if (!match) exit(1, \"Unexpected format of KB key '\" + install + \"'.\");\n\n file = installs[install];\n variant = match[1];\n version = match[2];\n\n # nb: APSB12-02 says version 11.6.3.633 and earlier are affected.\n if (ver_compare(ver:version, fix:\"11.6.3.633\") <= 0)\n {\n if (variant == \"Plugin\")\n info += '\\n - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n else if (variant == \"ActiveX\")\n info += '\\n - ActiveX control (for Internet Explorer) :\\n';\n info += ' ' + file + ', ' + version + '\\n';\n }\n}\n\nif (!info) exit(0, \"No vulnerable installs of Shockwave Player were found.\");\n\nif (report_verbosity > 0)\n{\n if (max_index(split(info)) > 2) s = \"s\";\n else s = \"\";\n\n report =\n '\\nNessus has identified the following vulnerable instance' + s + ' of Shockwave'+\n '\\nPlayer installed on the remote host :' +\n '\\n' +\n info;\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-02T01:21:24", "description": "The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.6.3.633 or earlier. It is, therefore, affected by multiple\ncode execution vulnerabilities.\n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that allow code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n allows code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that allows to code execution. (CVE-2012-0759)\n\nA remote attacker can exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.", "edition": 30, "published": "2014-12-22T00:00:00", "title": "Adobe Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02) (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0766"], "modified": "2021-07-02T00:00:00", "cpe": ["cpe:/a:adobe:shockwave_player"], "id": "MACOSX_SHOCKWAVE_PLAYER_APSB12-02.NASL", "href": "https://www.tenable.com/plugins/nessus/80179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80179);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2012-0757\",\n \"CVE-2012-0758\",\n \"CVE-2012-0759\",\n \"CVE-2012-0760\",\n \"CVE-2012-0761\",\n \"CVE-2012-0762\",\n \"CVE-2012-0763\",\n \"CVE-2012-0764\",\n \"CVE-2012-0766\"\n );\n script_bugtraq_id(\n 51999,\n 52000,\n 52001,\n 52002,\n 52003,\n 52004,\n 52005,\n 52006,\n 52007\n );\n\n script_name(english:\"Adobe Shockwave Player <= 11.6.3.633 Multiple Code Execution Vulnerabilities (APSB12-02) (Mac OS X)\");\n script_summary(english:\"Checks the version of Shockwave Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.6.3.633 or earlier. It is, therefore, affected by multiple\ncode execution vulnerabilities.\n\n - Multiple memory corruption issues exist related to the\n Shockwave 3D Asset that allow code execution.\n (CVE-2012-0757, CVE-2012-0760, CVE-2012-0761,\n CVE-2012-0762, CVE-2012-0763, CVE-2012-0764,\n CVE-2012-0766)\n\n - An unspecified heap-based buffer overflow exists that\n allows code execution. (CVE-2012-0758)\n\n - An unspecified memory corruption vulnerability exists\n that allows to code execution. (CVE-2012-0759)\n\nA remote attacker can exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Shockwave 11.6.4.634 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0766\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"shockwave_player_detect_macosx.nbin\");\n script_require_keys(\"installed_sw/Shockwave Player\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp = 'Shockwave Player';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\nif (ver_compare(ver:ver, fix:'11.6.3.633', strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed versions : 11.6.4.634' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(port:0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:26:15", "description": "The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0751", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2012-0759", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:mozilla-js", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:xulrunner-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nspr", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:mozilla-nspr-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit", "p-cpe:/a:novell:opensuse:seamonkey-venkman", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:xulrunner-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xulrunner-debugsource", "p-cpe:/a:novell:opensuse:mozilla-js-32bit", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:mozilla-nspr-devel", "p-cpe:/a:novell:opensuse:mozilla-js-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:enigmail", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo", "p-cpe:/a:novell:opensuse:xulrunner-buildsymbols", "p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource", "p-cpe:/a:novell:opensuse:seamonkey", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:enigmail-debuginfo"], "id": "OPENSUSE-2013-17.NASL", "href": "https://www.tenable.com/plugins/nessus/74918", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-17.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74918);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0759\", \"CVE-2012-5829\", \"CVE-2013-0744\", \"CVE-2013-0745\", \"CVE-2013-0746\", \"CVE-2013-0747\", \"CVE-2013-0748\", \"CVE-2013-0749\", \"CVE-2013-0750\", \"CVE-2013-0751\", \"CVE-2013-0752\", \"CVE-2013-0753\", \"CVE-2013-0754\", \"CVE-2013-0755\", \"CVE-2013-0756\", \"CVE-2013-0757\", \"CVE-2013-0758\", \"CVE-2013-0759\", \"CVE-2013-0760\", \"CVE-2013-0761\", \"CVE-2013-0762\", \"CVE-2013-0763\", \"CVE-2013-0764\", \"CVE-2013-0766\", \"CVE-2013-0767\", \"CVE-2013-0768\", \"CVE-2013-0769\", \"CVE-2013-0770\", \"CVE-2013-0771\");\n\n script_name(english:\"openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)\");\n script_summary(english:\"Check for the openSUSE-2013-17 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla January 8th 2013 security release contains updates :\n\nMozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was\nupdated to version 2.15. Mozilla Thunderbird was updated to version\n17.0.2. Mozilla XULRunner was updated to version 17.0.2.\n\n - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n\n - MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20\n 13-0767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n\n - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n\n - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n\n - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column\n groups\n\n - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n\n - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n\n - MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n\n - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n\n - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n\n - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n\n - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in JavaScript string concatenation\n\n - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory\n corruption in XBL with XML bindings containing SVG\n\n - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n\n - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n\n - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free\n in serializeToStream\n\n - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free\n in ListenerManager\n\n - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free\n in Vibrate\n\n - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free\n in JavaScript Proxy objects\n\nMozilla NSPR was updated to 4.9.4, containing some small bugfixes and\nnew features.\n\nMozilla NSS was updated to 3.14.1 containing various new features,\nsecurity fix and bugfixes :\n\n - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from\n TURKTRUST\n\nCryptographic changes done :\n\n - Support for TLS 1.1 (RFC 4346)\n\n - Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n\n - Support for AES-CTR, AES-CTS, and AES-GCM\n\n - Support for Keying Material Exporters for TLS (RFC 5705)\n\n - Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n\n - The NSS license has changed to MPL 2.0. Previous\n releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see http://www.mozilla.org/MPL/2.0/FAQ.html. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n\n - Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\nPlease see http://www.mozilla.org/security/announce/ for more\ninformation.\"\n );\n # http://www.mozilla.org/MPL/2.0/FAQ.html.\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/MPL/2.0/FAQ.html.\"\n );\n # http://www.mozilla.org/security/announce/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=796628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-01/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox / seamonkey / thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox 17.0.1 Flash Privileged Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:enigmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-venkman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-branding-upstream-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-buildsymbols-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debuginfo-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-debugsource-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-devel-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-common-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaFirefox-translations-other-18.0-2.58.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-debugsource-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-common-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"MozillaThunderbird-translations-other-17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-33.47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-js-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debuginfo-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-debugsource-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nspr-devel-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debugsource-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-devel-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debuginfo-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-debugsource-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-dom-inspector-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-irc-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-common-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-translations-other-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"seamonkey-venkman-2.15-2.49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-buildsymbols-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-debugsource-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-3.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-9.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-branding-upstream-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-buildsymbols-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debuginfo-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-debugsource-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-devel-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-common-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaFirefox-translations-other-18.0-2.29.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-buildsymbols-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-debugsource-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-devel-debuginfo-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-common-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"MozillaThunderbird-translations-other-17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"enigmail-debuginfo-1.5.0+17.0.2-49.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libfreebl3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libsoftokn3-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-js-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debuginfo-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-debugsource-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nspr-devel-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-certs-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-debugsource-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-devel-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"mozilla-nss-tools-debuginfo-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debuginfo-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-debugsource-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-dom-inspector-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-irc-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-common-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-translations-other-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"seamonkey-venkman-2.15-2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-buildsymbols-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-debugsource-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"xulrunner-devel-debuginfo-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-js-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.9.4-1.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.14.1-2.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-32bit-17.0.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-17.0.2-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:38:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2012-02-17T00:00:00", "id": "OPENVAS:1361412562310802398", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802398", "type": "openvas", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802398\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 12:55:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47932/\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1026675\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_mandatory_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\");\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player Versions 11.6.3.633 and prior on Windows.\");\n script_tag(name:\"insight\", value:\"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/shockwave/otherversions/\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-02-23T15:40:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "modified": "2018-02-23T00:00:00", "published": "2012-02-17T00:00:00", "id": "OPENVAS:802399", "href": "http://plugins.openvas.org/nasl.php?oid=802399", "type": "openvas", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln_macosx_feb12.nasl 8932 2018-02-23 08:01:57Z santu $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\ntag_impact = \"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\n Impact Level: System/Application\";\ntag_affected = \"Adobe Shockwave Player Versions 11.6.3.633 and prior on Mac OS X\";\ntag_insight = \"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\";\ntag_solution = \"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later,\n For updates refer to http://get.adobe.com/shockwave/otherversions/\";\ntag_summary = \"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802399);\n script_version(\"$Revision: 8932 $\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-23 09:01:57 +0100 (Fri, 23 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 13:34:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/47932/\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1026675\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Shockwave/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n \n## Variables Initialization\nvers = \"\";\n\ninfos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n\n## Check for Adobe Shockwave Player versions prior to 11.6.4.634\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0); \n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2012-02-17T00:00:00", "id": "OPENVAS:1361412562310802399", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802399", "type": "openvas", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802399\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 13:34:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (MAC OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47932/\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1026675\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Shockwave/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\");\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player Versions 11.6.3.633 and prior on Mac OS X\");\n script_tag(name:\"insight\", value:\"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/shockwave/otherversions/\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-02-23T15:43:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0763", "CVE-2012-0758", "CVE-2012-0757", "CVE-2012-0764", "CVE-2012-0760", "CVE-2012-0759", "CVE-2012-0762", "CVE-2012-0761", "CVE-2012-0771", "CVE-2012-0766"], "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.", "modified": "2018-02-23T00:00:00", "published": "2012-02-17T00:00:00", "id": "OPENVAS:802398", "href": "http://plugins.openvas.org/nasl.php?oid=802398", "type": "openvas", "title": "Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln_win_feb12.nasl 8932 2018-02-23 08:01:57Z santu $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-02-19\n# - Updated to include Installation path in the report.\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\ntag_impact = \"Successful exploitation will allow attackers to cause denial of service or\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\n Impact Level: System/Application\";\ntag_affected = \"Adobe Shockwave Player Versions 11.6.3.633 and prior on Windows.\";\ntag_insight = \"The flaws are due to memory corruptions errors in Shockwave 3D Asset\n component when processing malformed file.\";\ntag_solution = \"Upgrade to Adobe Shockwave Player version 11.6.4.634 or later,\n For updates refer to http://get.adobe.com/shockwave/otherversions/\";\ntag_summary = \"This host is installed with Adobe Shockwave Player and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802398);\n script_version(\"$Revision: 8932 $\");\n script_cve_id(\"CVE-2012-0757\", \"CVE-2012-0759\", \"CVE-2012-0760\", \"CVE-2012-0761\",\n \"CVE-2012-0762\", \"CVE-2012-0763\", \"CVE-2012-0764\", \"CVE-2012-0766\",\n \"CVE-2012-0758\", \"CVE-2012-0771\");\n script_bugtraq_id(51999, 52006, 52000, 52001, 52002, 52003, 52004, 52005, 52007);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-23 09:01:57 +0100 (Fri, 23 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-17 12:55:43 +0530 (Fri, 17 Feb 2012)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/47932/\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1026675\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb12-02.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_mandatory_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\n## Variables Initialization\nvers = \"\";\n\ninfos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n\n## Check for Adobe Shockwave Player versions prior to 11.6.4.634\nif(version_is_less(version:vers, test_version:\"11.6.4.634\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.6.4.634\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0); \n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-19T10:50:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0767"], "description": "This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.", "modified": "2017-07-04T00:00:00", "published": "2012-02-22T00:00:00", "id": "OPENVAS:802805", "href": "http://plugins.openvas.org/nasl.php?oid=802805", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_flash_player_mult_vuln_macosx_feb12.nasl 6521 2017-07-04 14:51:10Z cfischer $\n#\n# Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary\n code in the context of the affected application or cause a denial of\n service condition.\n Impact Level: Application.\";\ntag_affected = \"Adobe Flash Player version before 10.3.183.15\n Adobe Flash Player version 11.x through 11.1.102.55 on Mac OS X\";\ntag_insight = \"The flaws are due to,\n - A memory corruption error in ActiveX control\n - A type confusion memory corruption error\n - An unspecified error related to MP4 parsing\n - Many unspecified erros which allows to bypass certain security\n restrictions\n - Improper validation of user supplied input which allows\n attackers to execute arbitrary HTML and script code in a user's browser\n session\";\ntag_solution = \"Upgrade to Adobe Flash Player version 10.3.183.15 or 11.1.102.62 or later,\n For updates refer to http://www.adobe.com/downloads/\";\ntag_summary = \"This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802805);\n script_version(\"$Revision: 6521 $\");\n script_cve_id(\"CVE-2012-0752\", \"CVE-2012-0753\", \"CVE-2012-0754\", \"CVE-2012-0757\",\n \"CVE-2012-0756\", \"CVE-2012-0767\");\n script_bugtraq_id(52032, 52033, 52034, 51999, 52036, 52040);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-04 16:51:10 +0200 (Tue, 04 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-22 14:54:18 +0530 (Wed, 22 Feb 2012)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/48033\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1026694\");\n script_xref(name : \"URL\" , value : \"http://www.securelist.com/en/advisories/48033\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb12-03.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nflashVer = NULL;\n\n#Get Adobe Flash Player Version\nflashVer = get_kb_item(\"Adobe/Flash/Player/MacOSX/Version\");\nif(isnull(flashVer)){\n exit(0);\n}\n\n## Check for Adobe Flash Player versions 11.1.102.55 and prior\nif(version_is_less(version:flashVer, test_version:\"10.3.183.15\")||\n version_in_range(version:flashVer, test_version:\"11.0\", test_version2:\"11.1.102.55\")){\n security_message(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-09-23T15:14:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0767"], "description": "This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.", "modified": "2019-09-16T00:00:00", "published": "2012-02-22T00:00:00", "id": "OPENVAS:1361412562310802805", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802805", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802805\");\n script_version(\"2019-09-16T06:54:58+0000\");\n script_cve_id(\"CVE-2012-0752\", \"CVE-2012-0753\", \"CVE-2012-0754\", \"CVE-2012-0757\",\n \"CVE-2012-0756\", \"CVE-2012-0767\");\n script_bugtraq_id(52032, 52033, 52034, 51999, 52036, 52040);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-09-16 06:54:58 +0000 (Mon, 16 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-02-22 14:54:18 +0530 (Wed, 22 Feb 2012)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary\n code in the context of the affected application or cause a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 10.3.183.15\n Adobe Flash Player version 11.x through 11.1.102.55 on Mac OS X.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - A memory corruption error in ActiveX control\n\n - A type confusion memory corruption error\n\n - An unspecified error related to MP4 parsing\n\n - Many unspecified errors which allows to bypass certain security\n restrictions\n\n - Improper validation of user supplied input which allows attackers to\n execute arbitrary HTML and script code in a user's browser session.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version 10.3.183.15 or 11.1.102.62 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/48033\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1026694\");\n script_xref(name:\"URL\", value:\"http://www.securelist.com/en/advisories/48033\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-03.html\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nflashVer = get_kb_item(\"Adobe/Flash/Player/MacOSX/Version\");\nif(isnull(flashVer)){\n exit(0);\n}\n\nif(version_is_less(version:flashVer, test_version:\"10.3.183.15\")||\n version_in_range(version:flashVer, test_version:\"11.0\", test_version2:\"11.1.102.55\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-09-23T15:14:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0767"], "description": "This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.", "modified": "2019-09-16T00:00:00", "published": "2012-02-22T00:00:00", "id": "OPENVAS:1361412562310802804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802804", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities (Linux) - Feb12", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities (Linux) - Feb12\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802804\");\n script_version(\"2019-09-16T06:54:58+0000\");\n script_cve_id(\"CVE-2012-0752\", \"CVE-2012-0753\", \"CVE-2012-0754\", \"CVE-2012-0757\",\n \"CVE-2012-0756\", \"CVE-2012-0767\");\n script_bugtraq_id(52032, 52033, 52034, 51999, 52036, 52040);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-09-16 06:54:58 +0000 (Mon, 16 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-02-22 14:34:05 +0530 (Wed, 22 Feb 2012)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities (Linux) - Feb12\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/48033\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1026694\");\n script_xref(name:\"URL\", value:\"http://www.securelist.com/en/advisories/48033\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-03.html\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"General\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary\n code in the context of the affected application or cause a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 10.3.183.15\n Adobe Flash Player version 11.x through 11.1.102.55 on Linux.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - A memory corruption error in ActiveX control\n\n - A type confusion memory corruption error\n\n - An unspecified error related to MP4 parsing\n\n - Many unspecified errors which allows to bypass certain security\n restrictions\n\n - Improper validation of user supplied input which allows attackers to\n execute arbitrary HTML and script code in a user's browser session.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version 10.3.183.15 or 11.1.102.62 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nflashVer = get_kb_item(\"AdobeFlashPlayer/Linux/Ver\");\nif(isnull(flashVer)){\n exit(0);\n}\n\nflashVer = ereg_replace(pattern:\",\", string:flashVer, replace: \".\");\n\nif(version_is_less(version:flashVer, test_version:\"10.3.183.15\")||\n version_in_range(version:flashVer, test_version:\"11.0\", test_version2:\"11.1.102.55\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-19T10:50:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0767"], "description": "This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.", "modified": "2017-07-04T00:00:00", "published": "2012-02-22T00:00:00", "id": "OPENVAS:802804", "href": "http://plugins.openvas.org/nasl.php?oid=802804", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities (Linux) - Feb12", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_flash_player_mult_vuln_lin_feb12.nasl 6521 2017-07-04 14:51:10Z cfischer $\n#\n# Adobe Flash Player Multiple Vulnerabilities (Linux) - Feb12\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary\n code in the context of the affected application or cause a denial of\n service condition.\n Impact Level: Application.\";\ntag_affected = \"Adobe Flash Player version before 10.3.183.15\n Adobe Flash Player version 11.x through 11.1.102.55 on Linux\";\ntag_insight = \"The flaws are due to,\n - A memory corruption error in ActiveX control\n - A type confusion memory corruption error\n - An unspecified error related to MP4 parsing\n - Many unspecified erros which allows to bypass certain security\n restrictions\n - Improper validation of user supplied input which allows\n attackers to execute arbitrary HTML and script code in a user's browser\n session\";\ntag_solution = \"Upgrade to Adobe Flash Player version 10.3.183.15 or 11.1.102.62 or later,\n For updates refer to http://www.adobe.com/downloads/\";\ntag_summary = \"This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802804);\n script_version(\"$Revision: 6521 $\");\n script_cve_id(\"CVE-2012-0752\", \"CVE-2012-0753\", \"CVE-2012-0754\", \"CVE-2012-0757\",\n \"CVE-2012-0756\", \"CVE-2012-0767\");\n script_bugtraq_id(52032, 52033, 52034, 51999, 52036, 52040);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-04 16:51:10 +0200 (Tue, 04 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-22 14:34:05 +0530 (Wed, 22 Feb 2012)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities (Linux) - Feb12\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/48033\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1026694\");\n script_xref(name : \"URL\" , value : \"http://www.securelist.com/en/advisories/48033\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb12-03.html\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nflashVer = NULL;\n\n#Get Adobe Flash Player Version\nflashVer = get_kb_item(\"AdobeFlashPlayer/Linux/Ver\");\nif(isnull(flashVer)){\n exit(0);\n}\n\nflashVer = ereg_replace(pattern:\",\", string:flashVer, replace: \".\");\n\n## Check for Adobe Flash Player versions 11.1.102.55 and prior\nif(version_is_less(version:flashVer, test_version:\"10.3.183.15\")||\n version_in_range(version:flashVer, test_version:\"11.0\", test_version2:\"11.1.102.55\")){\n security_message(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:21:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0751", "CVE-2012-0767"], "description": "This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.", "modified": "2017-12-19T00:00:00", "published": "2012-02-22T00:00:00", "id": "OPENVAS:802803", "href": "http://plugins.openvas.org/nasl.php?oid=802803", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities (Windows) - Feb12", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_flash_player_mult_vuln_win_feb12.nasl 8178 2017-12-19 13:42:38Z cfischer $\n#\n# Adobe Flash Player Multiple Vulnerabilities (Windows) - Feb12\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary\n code in the context of the affected application or cause a denial of\n service condition.\n Impact Level: Application.\";\ntag_affected = \"Adobe Flash Player version before 10.3.183.15\n Adobe Flash Player version 11.x through 11.1.102.55 and prior on Windows\";\ntag_insight = \"Flaws are due to\n\n - A memory corruption error in ActiveX control.\n\n - A type confusion memory corruption error.\n\n - An unspecified error related to MP4 parsing.\n\n - Many unspecified erros which allows to bypass certain security\n restrictions.\n\n - Improper validation of user supplied input which allows attackers\n to execute arbitrary HTML and script code in a user's browser session\";\ntag_solution = \"Upgrade to Adobe Flash Player version 11.1.102.62 or later,\n For updates refer to http://www.adobe.com/downloads/\";\ntag_summary = \"This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802803);\n script_version(\"$Revision: 8178 $\");\n script_cve_id(\"CVE-2012-0751\", \"CVE-2012-0752\", \"CVE-2012-0753\", \"CVE-2012-0754\",\n \"CVE-2012-0757\", \"CVE-2012-0756\", \"CVE-2012-0767\");\n script_bugtraq_id(52037, 52032, 52033, 52034, 51999, 52036, 52040);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 14:42:38 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-22 11:17:41 +0530 (Wed, 22 Feb 2012)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities (Windows) - Feb12\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/48033\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1026694\");\n script_xref(name : \"URL\" , value : \"http://www.securelist.com/en/advisories/48033\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb12-03.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n## Check for Adobe Flash Player versions 11.1.102.55 and prior\nif( version_is_less( version:vers, test_version:\"10.3.183.15\" ) ||\n version_in_range( version:vers, test_version:\"11.0\", test_version2:\"11.1.102.55\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"11.1.102.62\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-09-23T15:14:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0754", "CVE-2012-0752", "CVE-2012-0757", "CVE-2012-0753", "CVE-2012-0756", "CVE-2012-0751", "CVE-2012-0767"], "description": "This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.", "modified": "2019-09-16T00:00:00", "published": "2012-02-22T00:00:00", "id": "OPENVAS:1361412562310802803", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802803", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities (Windows) - Feb12", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities (Windows) - Feb12\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802803\");\n script_version(\"2019-09-16T06:54:58+0000\");\n script_cve_id(\"CVE-2012-0751\", \"CVE-2012-0752\", \"CVE-2012-0753\", \"CVE-2012-0754\",\n \"CVE-2012-0757\", \"CVE-2012-0756\", \"CVE-2012-0767\");\n script_bugtraq_id(52037, 52032, 52033, 52034, 51999, 52036, 52040);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-09-16 06:54:58 +0000 (Mon, 16 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-02-22 11:17:41 +0530 (Wed, 22 Feb 2012)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities (Windows) - Feb12\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/48033\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1026694\");\n script_xref(name:\"URL\", value:\"http://www.securelist.com/en/advisories/48033\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb12-03.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary\n code in the context of the affected application or cause a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 10.3.183.15\n Adobe Flash Player version 11.x through 11.1.102.55 and prior on Windows.\");\n\n script_tag(name:\"insight\", value:\"Flaws are due to\n\n - A memory corruption error in ActiveX control.\n\n - A type confusion memory corruption error.\n\n - An unspecified error related to MP4 parsing.\n\n - Many unspecified errors which allows to bypass certain security\n restrictions.\n\n - Improper validation of user supplied input which allows attackers\n to execute arbitrary HTML and script code in a user's browser session.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version 11.1.102.62 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif( version_is_less( version:vers, test_version:\"10.3.183.15\" ) ||\n version_in_range( version:vers, test_version:\"11.0\", test_version2:\"11.1.102.55\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"11.1.102.62\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T17:57:49", "description": "BUGTRAQ ID: 52006\r\nCVE ID: CVE-2012-0759,CVE-2012-0766,CVE-2012-0764,CVE-2012-0757,CVE-2012-0763,CVE-2012-0762,CVE-2012-0761\r\n\r\nAdobe Shockwave Player\u662f\u64ad\u653e\u4f7f\u7528Director Shockwave Studio\u5236\u4f5c\u7684\u7f51\u9875\u7684\u5916\u6302\u8f6f\u4ef6\u3002\r\n\r\nAdobe Shockwave Player\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u8fdc\u7a0b\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nAdobe Shockwave Player 11.x\r\nAdobe Shockwave Player 10.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nAdobe\r\n-----\r\nAdobe\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08APSB12-02\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\n\r\nAPSB12-02\uff1aSecurity update available for Adobe Shockwave Player\r\n\r\n\u94fe\u63a5\uff1ahttp://www.adobe.com/support/security/bulletins/apsb12-02.html", "published": "2012-02-16T00:00:00", "title": "Adobe Shockwave Player\u8fdc\u7a0b\u5185\u5b58\u7834\u574f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-0757", "CVE-2012-0759", "CVE-2012-0761", "CVE-2012-0762", "CVE-2012-0763", "CVE-2012-0764", "CVE-2012-0766"], "modified": "2012-02-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-30122", "id": "SSV:30122", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "cve": [{"lastseen": "2021-04-22T23:28:17", "description": "The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.", "edition": 8, "cvss3": {}, "published": "2012-02-15T01:55:00", "title": "CVE-2012-0761", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0761"], "modified": "2017-08-29T01:31:00", "cpe": ["cpe:/a:adobe:shockwave_player:8.5.1.105", "cpe:/a:adobe:shockwave_player:8.0.205", "cpe:/a:adobe:shockwave_player:8.5.1", "cpe:/a:adobe:shockwave_player:11.0.0.456", "cpe:/a:adobe:shockwave_player:8.5.325", "cpe:/a:adobe:shockwave_player:11.5.1.601", "cpe:/a:adobe:shockwave_player:8.5.321", "cpe:/a:adobe:shockwave_player:8.5.1.100", "cpe:/a:adobe:shockwave_player:11.5.2.602", "cpe:/a:adobe:shockwave_player:8.0.196a", "cpe:/a:adobe:shockwave_player:8.5.324", "cpe:/a:adobe:shockwave_player:11.5.6.606", "cpe:/a:adobe:shockwave_player:1.0", "cpe:/a:adobe:shockwave_player:11.5.0.595", "cpe:/a:adobe:shockwave_player:11.5.8.612", "cpe:/a:adobe:shockwave_player:3.0", "cpe:/a:adobe:shockwave_player:10.2.0.021", "cpe:/a:adobe:shockwave_player:9", "cpe:/a:adobe:shockwave_player:8.5.323", "cpe:/a:adobe:shockwave_player:4.0", "cpe:/a:adobe:shockwave_player:11.6.0.626", "cpe:/a:adobe:shockwave_player:8.0.204", "cpe:/a:adobe:shockwave_player:10.1.0.11", "cpe:/a:adobe:shockwave_player:10.0.0.210", "cpe:/a:adobe:shockwave_player:10.1.0.011", "cpe:/a:adobe:shockwave_player:8.0", "cpe:/a:adobe:shockwave_player:10.0.1.004", "cpe:/a:adobe:shockwave_player:10.1.4.020", "cpe:/a:adobe:shockwave_player:11.6.1.629", "cpe:/a:adobe:shockwave_player:8.0.196", "cpe:/a:adobe:shockwave_player:11.5.9.615", "cpe:/a:adobe:shockwave_player:6.0", "cpe:/a:adobe:shockwave_player:10.1.1.016", "cpe:/a:adobe:shockwave_player:8.5.1.103", "cpe:/a:adobe:shockwave_player:11.0.3.471", "cpe:/a:adobe:shockwave_player:10.2.0.022", "cpe:/a:adobe:shockwave_player:2.0", "cpe:/a:adobe:shockwave_player:11.5.7.609", "cpe:/a:adobe:shockwave_player:5.0", "cpe:/a:adobe:shockwave_player:11.6.3.633", "cpe:/a:adobe:shockwave_player:10.2.0.023", "cpe:/a:adobe:shockwave_player:9.0.383", "cpe:/a:adobe:shockwave_player:11.5.0.596", "cpe:/a:adobe:shockwave_player:11.5.9.620", "cpe:/a:adobe:shockwave_player:8.5.1.106", "cpe:/a:adobe:shockwave_player:9.0.432"], "id": "CVE-2012-0761", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0761", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.615:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.1.629:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.620:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.0.626:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.3.633:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:28:17", "description": "Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0771.", "edition": 8, "cvss3": {}, "published": "2012-02-15T01:55:00", "title": "CVE-2012-0759", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0759"], "modified": "2018-02-20T02:29:00", "cpe": ["cpe:/a:adobe:shockwave_player:8.5.1.105", "cpe:/a:adobe:shockwave_player:8.0.205", "cpe:/a:adobe:shockwave_player:8.5.1", "cpe:/a:adobe:shockwave_player:11.0.0.456", "cpe:/a:adobe:shockwave_player:8.5.325", "cpe:/a:adobe:shockwave_player:11.5.1.601", "cpe:/a:adobe:shockwave_player:8.5.321", "cpe:/a:adobe:shockwave_player:8.5.1.100", "cpe:/a:adobe:shockwave_player:11.5.2.602", "cpe:/a:adobe:shockwave_player:8.0.196a", "cpe:/a:adobe:shockwave_player:8.5.324", "cpe:/a:adobe:shockwave_player:11.5.6.606", "cpe:/a:adobe:shockwave_player:1.0", "cpe:/a:adobe:shockwave_player:11.5.0.595", "cpe:/a:adobe:shockwave_player:11.5.8.612", "cpe:/a:adobe:shockwave_player:3.0", "cpe:/a:adobe:shockwave_player:10.2.0.021", "cpe:/a:adobe:shockwave_player:9", "cpe:/a:adobe:shockwave_player:8.5.323", "cpe:/a:adobe:shockwave_player:4.0", "cpe:/a:adobe:shockwave_player:11.6.0.626", "cpe:/a:adobe:shockwave_player:8.0.204", "cpe:/a:adobe:shockwave_player:10.1.0.11", "cpe:/a:adobe:shockwave_player:10.0.0.210", "cpe:/a:adobe:shockwave_player:10.1.0.011", "cpe:/a:adobe:shockwave_player:8.0", "cpe:/a:adobe:shockwave_player:10.0.1.004", "cpe:/a:adobe:shockwave_player:10.1.4.020", "cpe:/a:adobe:shockwave_player:11.6.1.629", "cpe:/a:adobe:shockwave_player:8.0.196", "cpe:/a:adobe:shockwave_player:11.5.9.615", "cpe:/a:adobe:shockwave_player:6.0", "cpe:/a:adobe:shockwave_player:10.1.1.016", "cpe:/a:adobe:shockwave_player:8.5.1.103", "cpe:/a:adobe:shockwave_player:11.0.3.471", "cpe:/a:adobe:shockwave_player:10.2.0.022", "cpe:/a:adobe:shockwave_player:2.0", "cpe:/a:adobe:shockwave_player:11.5.7.609", "cpe:/a:adobe:shockwave_player:5.0", "cpe:/a:adobe:shockwave_player:11.6.3.633", "cpe:/a:adobe:shockwave_player:10.2.0.023", "cpe:/a:adobe:shockwave_player:9.0.383", "cpe:/a:adobe:shockwave_player:11.5.0.596", "cpe:/a:adobe:shockwave_player:11.5.9.620", "cpe:/a:adobe:shockwave_player:8.5.1.106", "cpe:/a:adobe:shockwave_player:9.0.432"], "id": "CVE-2012-0759", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0759", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.615:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.1.629:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.620:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.0.626:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.3.633:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:28:17", "description": "The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.", "edition": 8, "cvss3": {}, "published": "2012-02-15T01:55:00", "title": "CVE-2012-0757", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0757"], "modified": "2012-02-16T05:00:00", "cpe": ["cpe:/a:adobe:shockwave_player:8.5.1.105", "cpe:/a:adobe:shockwave_player:8.0.205", "cpe:/a:adobe:shockwave_player:8.5.1", "cpe:/a:adobe:shockwave_player:11.0.0.456", "cpe:/a:adobe:shockwave_player:8.5.325", "cpe:/a:adobe:shockwave_player:11.5.1.601", "cpe:/a:adobe:shockwave_player:8.5.321", "cpe:/a:adobe:shockwave_player:8.5.1.100", "cpe:/a:adobe:shockwave_player:11.5.2.602", "cpe:/a:adobe:shockwave_player:8.0.196a", "cpe:/a:adobe:shockwave_player:8.5.324", "cpe:/a:adobe:shockwave_player:11.5.6.606", "cpe:/a:adobe:shockwave_player:1.0", "cpe:/a:adobe:shockwave_player:11.5.0.595", "cpe:/a:adobe:shockwave_player:11.5.8.612", "cpe:/a:adobe:shockwave_player:3.0", "cpe:/a:adobe:shockwave_player:10.2.0.021", "cpe:/a:adobe:shockwave_player:9", "cpe:/a:adobe:shockwave_player:8.5.323", "cpe:/a:adobe:shockwave_player:4.0", "cpe:/a:adobe:shockwave_player:11.6.0.626", "cpe:/a:adobe:shockwave_player:8.0.204", "cpe:/a:adobe:shockwave_player:10.1.0.11", "cpe:/a:adobe:shockwave_player:10.0.0.210", "cpe:/a:adobe:shockwave_player:10.1.0.011", "cpe:/a:adobe:shockwave_player:8.0", "cpe:/a:adobe:shockwave_player:10.0.1.004", "cpe:/a:adobe:shockwave_player:10.1.4.020", "cpe:/a:adobe:shockwave_player:11.6.1.629", "cpe:/a:adobe:shockwave_player:8.0.196", "cpe:/a:adobe:shockwave_player:11.5.9.615", "cpe:/a:adobe:shockwave_player:6.0", "cpe:/a:adobe:shockwave_player:10.1.1.016", "cpe:/a:adobe:shockwave_player:8.5.1.103", "cpe:/a:adobe:shockwave_player:11.0.3.471", "cpe:/a:adobe:shockwave_player:10.2.0.022", "cpe:/a:adobe:shockwave_player:2.0", "cpe:/a:adobe:shockwave_player:11.5.7.609", "cpe:/a:adobe:shockwave_player:5.0", "cpe:/a:adobe:shockwave_player:11.6.3.633", "cpe:/a:adobe:shockwave_player:10.2.0.023", "cpe:/a:adobe:shockwave_player:9.0.383", "cpe:/a:adobe:shockwave_player:11.5.0.596", "cpe:/a:adobe:shockwave_player:11.5.9.620", "cpe:/a:adobe:shockwave_player:8.5.1.106", "cpe:/a:adobe:shockwave_player:9.0.432"], "id": "CVE-2012-0757", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0757", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.615:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.1.629:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.620:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.0.626:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.3.633:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:28:17", "description": "The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0764, and CVE-2012-0766.", "edition": 9, "cvss3": {}, "published": "2012-02-15T01:55:00", "title": "CVE-2012-0763", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0763"], "modified": "2012-02-16T05:00:00", "cpe": ["cpe:/a:adobe:shockwave_player:8.5.1.105", "cpe:/a:adobe:shockwave_player:8.0.205", "cpe:/a:adobe:shockwave_player:8.5.1", "cpe:/a:adobe:shockwave_player:11.0.0.456", "cpe:/a:adobe:shockwave_player:8.5.325", "cpe:/a:adobe:shockwave_player:11.5.1.601", "cpe:/a:adobe:shockwave_player:8.5.321", "cpe:/a:adobe:shockwave_player:8.5.1.100", "cpe:/a:adobe:shockwave_player:11.5.2.602", "cpe:/a:adobe:shockwave_player:8.0.196a", "cpe:/a:adobe:shockwave_player:8.5.324", "cpe:/a:adobe:shockwave_player:11.5.6.606", "cpe:/a:adobe:shockwave_player:1.0", "cpe:/a:adobe:shockwave_player:11.5.0.595", "cpe:/a:adobe:shockwave_player:11.5.8.612", "cpe:/a:adobe:shockwave_player:3.0", "cpe:/a:adobe:shockwave_player:10.2.0.021", "cpe:/a:adobe:shockwave_player:9", "cpe:/a:adobe:shockwave_player:8.5.323", "cpe:/a:adobe:shockwave_player:4.0", "cpe:/a:adobe:shockwave_player:11.6.0.626", "cpe:/a:adobe:shockwave_player:8.0.204", "cpe:/a:adobe:shockwave_player:10.1.0.11", "cpe:/a:adobe:shockwave_player:10.0.0.210", "cpe:/a:adobe:shockwave_player:10.1.0.011", "cpe:/a:adobe:shockwave_player:8.0", "cpe:/a:adobe:shockwave_player:10.0.1.004", "cpe:/a:adobe:shockwave_player:10.1.4.020", "cpe:/a:adobe:shockwave_player:11.6.1.629", "cpe:/a:adobe:shockwave_player:8.0.196", "cpe:/a:adobe:shockwave_player:11.5.9.615", "cpe:/a:adobe:shockwave_player:6.0", "cpe:/a:adobe:shockwave_player:10.1.1.016", "cpe:/a:adobe:shockwave_player:8.5.1.103", "cpe:/a:adobe:shockwave_player:11.0.3.471", "cpe:/a:adobe:shockwave_player:10.2.0.022", "cpe:/a:adobe:shockwave_player:2.0", "cpe:/a:adobe:shockwave_player:11.5.7.609", "cpe:/a:adobe:shockwave_player:5.0", "cpe:/a:adobe:shockwave_player:11.6.3.633", "cpe:/a:adobe:shockwave_player:10.2.0.023", "cpe:/a:adobe:shockwave_player:9.0.383", "cpe:/a:adobe:shockwave_player:11.5.0.596", "cpe:/a:adobe:shockwave_player:11.5.9.620", "cpe:/a:adobe:shockwave_player:8.5.1.106", "cpe:/a:adobe:shockwave_player:9.0.432"], "id": "CVE-2012-0763", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0763", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.615:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.1.629:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.620:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.0.626:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.3.633:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:28:17", "description": "The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, and CVE-2012-0764.", "edition": 9, "cvss3": {}, "published": "2012-02-15T01:55:00", "title": "CVE-2012-0766", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0766"], "modified": "2012-02-25T04:21:00", "cpe": ["cpe:/a:adobe:shockwave_player:8.5.1.105", "cpe:/a:adobe:shockwave_player:8.0.205", "cpe:/a:adobe:shockwave_player:8.5.1", "cpe:/a:adobe:shockwave_player:11.0.0.456", "cpe:/a:adobe:shockwave_player:8.5.325", "cpe:/a:adobe:shockwave_player:11.5.1.601", "cpe:/a:adobe:shockwave_player:8.5.321", "cpe:/a:adobe:shockwave_player:8.5.1.100", "cpe:/a:adobe:shockwave_player:11.5.2.602", "cpe:/a:adobe:shockwave_player:8.0.196a", "cpe:/a:adobe:shockwave_player:8.5.324", "cpe:/a:adobe:shockwave_player:11.5.6.606", "cpe:/a:adobe:shockwave_player:1.0", "cpe:/a:adobe:shockwave_player:11.5.0.595", "cpe:/a:adobe:shockwave_player:11.5.8.612", "cpe:/a:adobe:shockwave_player:3.0", "cpe:/a:adobe:shockwave_player:10.2.0.021", "cpe:/a:adobe:shockwave_player:9", "cpe:/a:adobe:shockwave_player:8.5.323", "cpe:/a:adobe:shockwave_player:4.0", "cpe:/a:adobe:shockwave_player:11.6.0.626", "cpe:/a:adobe:shockwave_player:8.0.204", "cpe:/a:adobe:shockwave_player:10.1.0.11", "cpe:/a:adobe:shockwave_player:10.0.0.210", "cpe:/a:adobe:shockwave_player:10.1.0.011", "cpe:/a:adobe:shockwave_player:8.0", "cpe:/a:adobe:shockwave_player:10.0.1.004", "cpe:/a:adobe:shockwave_player:10.1.4.020", "cpe:/a:adobe:shockwave_player:11.6.1.629", "cpe:/a:adobe:shockwave_player:8.0.196", "cpe:/a:adobe:shockwave_player:11.5.9.615", "cpe:/a:adobe:shockwave_player:6.0", "cpe:/a:adobe:shockwave_player:10.1.1.016", "cpe:/a:adobe:shockwave_player:8.5.1.103", "cpe:/a:adobe:shockwave_player:11.0.3.471", "cpe:/a:adobe:shockwave_player:10.2.0.022", "cpe:/a:adobe:shockwave_player:2.0", "cpe:/a:adobe:shockwave_player:11.5.7.609", "cpe:/a:adobe:shockwave_player:5.0", "cpe:/a:adobe:shockwave_player:11.6.3.633", "cpe:/a:adobe:shockwave_player:10.2.0.023", "cpe:/a:adobe:shockwave_player:9.0.383", "cpe:/a:adobe:shockwave_player:11.5.0.596", "cpe:/a:adobe:shockwave_player:11.5.9.620", "cpe:/a:adobe:shockwave_player:8.5.1.106", "cpe:/a:adobe:shockwave_player:9.0.432"], "id": "CVE-2012-0766", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0766", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.615:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.1.629:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.620:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.0.626:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.3.633:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:28:17", "description": "The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.", "edition": 8, "cvss3": {}, "published": "2012-02-15T01:55:00", "title": "CVE-2012-0760", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0760"], "modified": "2012-02-16T05:00:00", "cpe": ["cpe:/a:adobe:shockwave_player:8.5.1.105", "cpe:/a:adobe:shockwave_player:8.0.205", "cpe:/a:adobe:shockwave_player:8.5.1", "cpe:/a:adobe:shockwave_player:11.0.0.456", "cpe:/a:adobe:shockwave_player:8.5.325", "cpe:/a:adobe:shockwave_player:11.5.1.601", "cpe:/a:adobe:shockwave_player:8.5.321", "cpe:/a:adobe:shockwave_player:8.5.1.100", "cpe:/a:adobe:shockwave_player:11.5.2.602", "cpe:/a:adobe:shockwave_player:8.0.196a", "cpe:/a:adobe:shockwave_player:8.5.324", "cpe:/a:adobe:shockwave_player:11.5.6.606", "cpe:/a:adobe:shockwave_player:1.0", "cpe:/a:adobe:shockwave_player:11.5.0.595", "cpe:/a:adobe:shockwave_player:11.5.8.612", "cpe:/a:adobe:shockwave_player:3.0", "cpe:/a:adobe:shockwave_player:10.2.0.021", "cpe:/a:adobe:shockwave_player:9", "cpe:/a:adobe:shockwave_player:8.5.323", "cpe:/a:adobe:shockwave_player:4.0", "cpe:/a:adobe:shockwave_player:11.6.0.626", "cpe:/a:adobe:shockwave_player:8.0.204", "cpe:/a:adobe:shockwave_player:10.1.0.11", "cpe:/a:adobe:shockwave_player:10.0.0.210", "cpe:/a:adobe:shockwave_player:10.1.0.011", "cpe:/a:adobe:shockwave_player:8.0", "cpe:/a:adobe:shockwave_player:10.0.1.004", "cpe:/a:adobe:shockwave_player:10.1.4.020", "cpe:/a:adobe:shockwave_player:11.6.1.629", "cpe:/a:adobe:shockwave_player:8.0.196", "cpe:/a:adobe:shockwave_player:11.5.9.615", "cpe:/a:adobe:shockwave_player:6.0", "cpe:/a:adobe:shockwave_player:10.1.1.016", "cpe:/a:adobe:shockwave_player:8.5.1.103", "cpe:/a:adobe:shockwave_player:11.0.3.471", "cpe:/a:adobe:shockwave_player:10.2.0.022", "cpe:/a:adobe:shockwave_player:2.0", "cpe:/a:adobe:shockwave_player:11.5.7.609", "cpe:/a:adobe:shockwave_player:5.0", "cpe:/a:adobe:shockwave_player:11.6.3.633", "cpe:/a:adobe:shockwave_player:10.2.0.023", "cpe:/a:adobe:shockwave_player:9.0.383", "cpe:/a:adobe:shockwave_player:11.5.0.596", "cpe:/a:adobe:shockwave_player:11.5.9.620", "cpe:/a:adobe:shockwave_player:8.5.1.106", "cpe:/a:adobe:shockwave_player:9.0.432"], "id": "CVE-2012-0760", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0760", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.615:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.1.629:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.620:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.0.626:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.3.633:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:28:17", "description": "The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, and CVE-2012-0766.", "edition": 9, "cvss3": {}, "published": "2012-02-15T01:55:00", "title": "CVE-2012-0764", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0764"], "modified": "2012-03-21T03:53:00", "cpe": ["cpe:/a:adobe:shockwave_player:8.5.1.105", "cpe:/a:adobe:shockwave_player:8.0.205", "cpe:/a:adobe:shockwave_player:8.5.1", "cpe:/a:adobe:shockwave_player:11.0.0.456", "cpe:/a:adobe:shockwave_player:8.5.325", "cpe:/a:adobe:shockwave_player:11.5.1.601", "cpe:/a:adobe:shockwave_player:8.5.321", "cpe:/a:adobe:shockwave_player:8.5.1.100", "cpe:/a:adobe:shockwave_player:11.5.2.602", "cpe:/a:adobe:shockwave_player:8.0.196a", "cpe:/a:adobe:shockwave_player:8.5.324", "cpe:/a:adobe:shockwave_player:11.5.6.606", "cpe:/a:adobe:shockwave_player:1.0", "cpe:/a:adobe:shockwave_player:11.5.0.595", "cpe:/a:adobe:shockwave_player:11.5.8.612", "cpe:/a:adobe:shockwave_player:3.0", "cpe:/a:adobe:shockwave_player:10.2.0.021", "cpe:/a:adobe:shockwave_player:9", "cpe:/a:adobe:shockwave_player:8.5.323", "cpe:/a:adobe:shockwave_player:4.0", "cpe:/a:adobe:shockwave_player:11.6.0.626", "cpe:/a:adobe:shockwave_player:8.0.204", "cpe:/a:adobe:shockwave_player:10.1.0.11", "cpe:/a:adobe:shockwave_player:10.0.0.210", "cpe:/a:adobe:shockwave_player:10.1.0.011", "cpe:/a:adobe:shockwave_player:8.0", "cpe:/a:adobe:shockwave_player:10.0.1.004", "cpe:/a:adobe:shockwave_player:10.1.4.020", "cpe:/a:adobe:shockwave_player:11.6.1.629", "cpe:/a:adobe:shockwave_player:8.0.196", "cpe:/a:adobe:shockwave_player:11.5.9.615", "cpe:/a:adobe:shockwave_player:6.0", "cpe:/a:adobe:shockwave_player:10.1.1.016", "cpe:/a:adobe:shockwave_player:8.5.1.103", "cpe:/a:adobe:shockwave_player:11.0.3.471", "cpe:/a:adobe:shockwave_player:10.2.0.022", "cpe:/a:adobe:shockwave_player:2.0", "cpe:/a:adobe:shockwave_player:11.5.7.609", "cpe:/a:adobe:shockwave_player:5.0", "cpe:/a:adobe:shockwave_player:11.6.3.633", "cpe:/a:adobe:shockwave_player:10.2.0.023", "cpe:/a:adobe:shockwave_player:9.0.383", "cpe:/a:adobe:shockwave_player:11.5.0.596", "cpe:/a:adobe:shockwave_player:11.5.9.620", "cpe:/a:adobe:shockwave_player:8.5.1.106", "cpe:/a:adobe:shockwave_player:9.0.432"], "id": "CVE-2012-0764", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0764", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.615:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.1.629:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.620:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.0.626:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.3.633:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:28:17", "description": "The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.", "edition": 8, "cvss3": {}, "published": "2012-02-15T01:55:00", "title": "CVE-2012-0762", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0762"], "modified": "2017-08-29T01:31:00", "cpe": ["cpe:/a:adobe:shockwave_player:8.5.1.105", "cpe:/a:adobe:shockwave_player:8.0.205", "cpe:/a:adobe:shockwave_player:8.5.1", "cpe:/a:adobe:shockwave_player:11.0.0.456", "cpe:/a:adobe:shockwave_player:8.5.325", "cpe:/a:adobe:shockwave_player:11.5.1.601", "cpe:/a:adobe:shockwave_player:8.5.321", "cpe:/a:adobe:shockwave_player:8.5.1.100", "cpe:/a:adobe:shockwave_player:11.5.2.602", "cpe:/a:adobe:shockwave_player:8.0.196a", "cpe:/a:adobe:shockwave_player:8.5.324", "cpe:/a:adobe:shockwave_player:11.5.6.606", "cpe:/a:adobe:shockwave_player:1.0", "cpe:/a:adobe:shockwave_player:11.5.0.595", "cpe:/a:adobe:shockwave_player:11.5.8.612", "cpe:/a:adobe:shockwave_player:3.0", "cpe:/a:adobe:shockwave_player:10.2.0.021", "cpe:/a:adobe:shockwave_player:9", "cpe:/a:adobe:shockwave_player:8.5.323", "cpe:/a:adobe:shockwave_player:4.0", "cpe:/a:adobe:shockwave_player:11.6.0.626", "cpe:/a:adobe:shockwave_player:8.0.204", "cpe:/a:adobe:shockwave_player:10.1.0.11", "cpe:/a:adobe:shockwave_player:10.0.0.210", "cpe:/a:adobe:shockwave_player:10.1.0.011", "cpe:/a:adobe:shockwave_player:8.0", "cpe:/a:adobe:shockwave_player:10.0.1.004", "cpe:/a:adobe:shockwave_player:10.1.4.020", "cpe:/a:adobe:shockwave_player:11.6.1.629", "cpe:/a:adobe:shockwave_player:8.0.196", "cpe:/a:adobe:shockwave_player:11.5.9.615", "cpe:/a:adobe:shockwave_player:6.0", "cpe:/a:adobe:shockwave_player:10.1.1.016", "cpe:/a:adobe:shockwave_player:8.5.1.103", "cpe:/a:adobe:shockwave_player:11.0.3.471", "cpe:/a:adobe:shockwave_player:10.2.0.022", "cpe:/a:adobe:shockwave_player:2.0", "cpe:/a:adobe:shockwave_player:11.5.7.609", "cpe:/a:adobe:shockwave_player:5.0", "cpe:/a:adobe:shockwave_player:11.6.3.633", "cpe:/a:adobe:shockwave_player:10.2.0.023", "cpe:/a:adobe:shockwave_player:9.0.383", "cpe:/a:adobe:shockwave_player:11.5.0.596", "cpe:/a:adobe:shockwave_player:11.5.9.620", "cpe:/a:adobe:shockwave_player:8.5.1.106", "cpe:/a:adobe:shockwave_player:9.0.432"], "id": "CVE-2012-0762", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0762", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.615:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.1.629:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.620:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.0.626:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.3.633:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:28:17", "description": "Heap-based buffer overflow in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code via unspecified vectors.", "edition": 8, "cvss3": {}, "published": "2012-02-15T01:55:00", "title": "CVE-2012-0758", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0758"], "modified": "2012-02-16T05:00:00", "cpe": ["cpe:/a:adobe:shockwave_player:8.5.1.105", "cpe:/a:adobe:shockwave_player:8.0.205", "cpe:/a:adobe:shockwave_player:8.5.1", "cpe:/a:adobe:shockwave_player:11.0.0.456", "cpe:/a:adobe:shockwave_player:8.5.325", "cpe:/a:adobe:shockwave_player:11.5.1.601", "cpe:/a:adobe:shockwave_player:8.5.321", "cpe:/a:adobe:shockwave_player:8.5.1.100", "cpe:/a:adobe:shockwave_player:11.5.2.602", "cpe:/a:adobe:shockwave_player:8.0.196a", "cpe:/a:adobe:shockwave_player:8.5.324", "cpe:/a:adobe:shockwave_player:11.5.6.606", "cpe:/a:adobe:shockwave_player:1.0", "cpe:/a:adobe:shockwave_player:11.5.0.595", "cpe:/a:adobe:shockwave_player:11.5.8.612", "cpe:/a:adobe:shockwave_player:3.0", "cpe:/a:adobe:shockwave_player:10.2.0.021", "cpe:/a:adobe:shockwave_player:9", "cpe:/a:adobe:shockwave_player:8.5.323", "cpe:/a:adobe:shockwave_player:4.0", "cpe:/a:adobe:shockwave_player:11.6.0.626", "cpe:/a:adobe:shockwave_player:8.0.204", "cpe:/a:adobe:shockwave_player:10.1.0.11", "cpe:/a:adobe:shockwave_player:10.0.0.210", "cpe:/a:adobe:shockwave_player:10.1.0.011", "cpe:/a:adobe:shockwave_player:8.0", "cpe:/a:adobe:shockwave_player:10.0.1.004", "cpe:/a:adobe:shockwave_player:10.1.4.020", "cpe:/a:adobe:shockwave_player:11.6.1.629", "cpe:/a:adobe:shockwave_player:8.0.196", "cpe:/a:adobe:shockwave_player:11.5.9.615", "cpe:/a:adobe:shockwave_player:6.0", "cpe:/a:adobe:shockwave_player:10.1.1.016", "cpe:/a:adobe:shockwave_player:8.5.1.103", "cpe:/a:adobe:shockwave_player:11.0.3.471", "cpe:/a:adobe:shockwave_player:10.2.0.022", "cpe:/a:adobe:shockwave_player:2.0", "cpe:/a:adobe:shockwave_player:11.5.7.609", "cpe:/a:adobe:shockwave_player:5.0", "cpe:/a:adobe:shockwave_player:11.6.3.633", "cpe:/a:adobe:shockwave_player:10.2.0.023", "cpe:/a:adobe:shockwave_player:9.0.383", "cpe:/a:adobe:shockwave_player:11.5.0.596", "cpe:/a:adobe:shockwave_player:11.5.9.620", "cpe:/a:adobe:shockwave_player:8.5.1.106", "cpe:/a:adobe:shockwave_player:9.0.432"], "id": "CVE-2012-0758", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0758", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.615:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.1.629:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.620:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.0.626:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.6.3.633:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*"]}], "suse": [{"lastseen": "2021-06-08T18:39:17", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0751", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2012-0759", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "description": "The Mozilla January 8th 2013 security release contains\n updates:\n\n Mozilla Firefox was updated to version 18.0. Mozilla\n Seamonkey was updated to version 2.15. Mozilla Thunderbird\n was updated to version 17.0.2.\n\n * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n * MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0\n 767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n * MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n * MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n * MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column groups\n * MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n * MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n * MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n * MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n * MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n * MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n * MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in Javascript string concatenation\n * MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption\n in XBL with XML bindings containing SVG\n * MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n * MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n * MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in\n serializeToStream\n * MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in\n ListenerManager\n * MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in\n Vibrate\n * MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in\n Javascript Proxy objects\n\n Mozilla NSPR was updated to 4.9.4, containing some small\n bugfixes and new features.\n\n Mozilla NSS was updated to 3.14.1 containing various new\n features, security fix and bugfixes:\n\n * MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from TURKTRUST\n\n Cryptographic changes done:\n * Support for TLS 1.1 (RFC 4346)\n * Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n * Support for AES-CTR, AES-CTS, and AES-GCM\n * Support for Keying Material Exporters for TLS (RFC 5705)\n * Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n * The NSS license has changed to MPL 2.0. Previous releases\n were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see <a rel=\"nofollow\" href=\"http://www.mozilla.org/MPL/2.0/FAQ.html\">http://www.mozilla.org/MPL/2.0/FAQ.html</a>. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n * Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\n Please see <a rel=\"nofollow\" href=\"http://www.mozilla.org/security/announce/\">http://www.mozilla.org/security/announce/</a> for\n more information.\n\n", "modified": "2013-01-23T14:04:54", "published": "2013-01-23T14:04:54", "id": "OPENSUSE-SU-2013:0131-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html", "type": "suse", "title": "Mozilla Januarys (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:39:32", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0743", "CVE-2013-0763", "CVE-2013-0746", "CVE-2012-5829", "CVE-2013-0766", "CVE-2013-0747", "CVE-2013-0751", "CVE-2013-0744", "CVE-2013-0748", "CVE-2013-0768", "CVE-2013-0755", "CVE-2013-0752", "CVE-2013-0754", "CVE-2013-0769", "CVE-2013-0771", "CVE-2013-0757", "CVE-2013-0749", "CVE-2013-0761", "CVE-2012-0759", "CVE-2013-0745", "CVE-2013-0756", "CVE-2013-0760", "CVE-2013-0767", "CVE-2013-0762", "CVE-2013-0753", "CVE-2013-0750", "CVE-2013-0759", "CVE-2013-0770", "CVE-2013-0758", "CVE-2013-0764"], "description": "The Mozilla January 8th 2013 security release contains\n updates:\n\n Mozilla Firefox was updated to version 18.0. Mozilla\n Seamonkey was updated to version 2.15. Mozilla Thunderbird\n was updated to version 17.0.2. Mozilla XULRunner was\n updated to version 17.0.2.\n\n * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770\n Miscellaneous memory safety hazards\n * MFSA\n 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0\n 767\n CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829\n Use-after-free and buffer overflow issues found using\n Address Sanitizer\n * MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow\n in Canvas\n * MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in\n addressbar during page loads\n * MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free\n when displaying table with many columns and column groups\n * MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are\n shared across iframes\n * MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to\n handling of SSL on threads\n * MFSA 2013-08/CVE-2013-0745 (bmo#794158)\n AutoWrapperChanger fails to keep objects alive during\n garbage collection\n * MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment\n mismatch with quickstubs returned values\n * MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event\n manipulation in plugin handler to bypass same-origin\n policy\n * MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space\n layout leaked in XBL objects\n * MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow\n in Javascript string concatenation\n * MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption\n in XBL with XML bindings containing SVG\n * MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object\n Wrapper (COW) bypass through changing prototype\n * MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege\n escalation through plugin objects\n * MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in\n serializeToStream\n * MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in\n ListenerManager\n * MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in\n Vibrate\n * MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in\n Javascript Proxy objects\n\n Mozilla NSPR was updated to 4.9.4, containing some small\n bugfixes and new features.\n\n Mozilla NSS was updated to 3.14.1 containing various new\n features, security fix and bugfixes:\n\n * MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628)\n revoke mis-issued intermediate certificates from TURKTRUST\n\n Cryptographic changes done:\n * Support for TLS 1.1 (RFC 4346)\n * Experimental support for DTLS 1.0 (RFC 4347) and\n DTLS-SRTP (RFC 5764)\n * Support for AES-CTR, AES-CTS, and AES-GCM\n * Support for Keying Material Exporters for TLS (RFC 5705)\n * Support for certificate signatures using the MD5 hash\n algorithm is now disabled by default\n * The NSS license has changed to MPL 2.0. Previous releases\n were released under a MPL 1.1/GPL 2.0/LGPL 2.1\n tri-license. For more information about MPL 2.0, please\n see <a rel=\"nofollow\" href=\"http://www.mozilla.org/MPL/2.0/FAQ.html\">http://www.mozilla.org/MPL/2.0/FAQ.html</a>. For an\n additional explanation on GPL/LGPL compatibility, see\n security/nss/COPYING in the source code.\n * Export and DES cipher suites are disabled by default.\n Non-ECC AES and Triple DES cipher suites are enabled by\n default\n\n Please see <a rel=\"nofollow\" href=\"http://www.mozilla.org/security/announce/\">http://www.mozilla.org/security/announce/</a> for\n more information.\n\n", "modified": "2013-01-23T14:05:53", "published": "2013-01-23T14:05:53", "id": "OPENSUSE-SU-2013:0149-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html", "type": "suse", "title": "Mozilla Januarys (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:39:26", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2014-1505", "CVE-2014-1536", "CVE-2011-0061", "CVE-2011-0077", "CVE-2014-1513", "CVE-2012-0478", "CVE-2012-4193", "CVE-2012-0442", "CVE-2013-5601", "CVE-2013-1687", "CVE-2013-5612", "CVE-2013-1692", "CVE-2010-0654", "CVE-2012-1962", "CVE-2013-0743", "CVE-2012-0443", "CVE-2012-5842", "CVE-2012-4212", "CVE-2013-5595", "CVE-2010-0176", "CVE-2014-1530", "CVE-2011-0083", "CVE-2010-1203", "CVE-2013-1737", "CVE-2012-4214", "CVE-2008-1236", "CVE-2013-5611", "CVE-2012-1970", "CVE-2008-3835", "CVE-2013-1709", "CVE-2007-3738", "CVE-2012-3989", "CVE-2013-5616", "CVE-2013-1678", "CVE-2010-2762", "CVE-2012-5830", "CVE-2013-0763", "CVE-2014-1510", "CVE-2011-3026", "CVE-2012-0460", "CVE-2013-5613", "CVE-2012-1973", "CVE-2014-1522", "CVE-2011-3654", "CVE-2014-1567", "CVE-2012-1974", "CVE-2010-2766", "CVE-2012-4195", "CVE-2012-3986", "CVE-2013-0783", "CVE-2007-3734", "CVE-2011-2371", "CVE-2014-1481", "CVE-2013-1670", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2013-1719", "CVE-2012-3968", "CVE-2013-1725", "CVE-2012-3963", "CVE-2014-1539", "CVE-2010-0174", "CVE-2012-0452", "CVE-2013-1735", "CVE-2012-1956", "CVE-2014-1487", "CVE-2012-3978", "CVE-2012-3985", "CVE-2013-0746", "CVE-2012-5829", "CVE-2009-1571", "CVE-2012-1944", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2014-1538", "CVE-2012-4213", "CVE-2013-1685", "CVE-2012-0479", "CVE-2013-5609", "CVE-2007-3737", "CVE-2013-0766", "CVE-2007-3736", "CVE-2012-1940", "CVE-2013-1697", "CVE-2014-1484", "CVE-2014-1525", "CVE-2012-3993", "CVE-2013-5619", "CVE-2012-5837", "CVE-2008-5500", "CVE-2012-5836", "CVE-2014-1509", "CVE-2009-0772", "CVE-2013-0787", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2014-1494", "CVE-2014-1559", "CVE-2013-0747", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2014-1537", "CVE-2013-1694", "CVE-2014-1523", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2013-5615", "CVE-2013-1680", "CVE-2012-3962", "CVE-2012-0459", "CVE-2011-2362", "CVE-2014-1529", "CVE-2013-1724", "CVE-2010-1213", "CVE-2013-5597", "CVE-2012-5843", "CVE-2014-1543", "CVE-2014-1486", "CVE-2011-0085", "CVE-2013-5590", "CVE-2008-5510", "CVE-2011-0080", "CVE-2013-0780", "CVE-2008-5502", "CVE-2010-3765", "CVE-2013-1732", "CVE-2013-0744", "CVE-2013-0795", "CVE-2008-1237", "CVE-2013-1720", "CVE-2008-4070", "CVE-2013-0748", "CVE-2012-4183", "CVE-2010-3178", "CVE-2013-1679", "CVE-2007-3285", "CVE-2013-5610", "CVE-2013-0768", "CVE-2011-3661", "CVE-2012-4181", "CVE-2014-1532", "CVE-2013-6671", "CVE-2009-0040", "CVE-2011-3652", "CVE-2013-0755", "CVE-2008-4067", "CVE-2014-1548", "CVE-2011-2364", "CVE-2014-1531", "CVE-2013-0752", "CVE-2012-4186", "CVE-2014-1508", "CVE-2012-1948", "CVE-2008-5012", "CVE-2012-1938", "CVE-2013-0796", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2014-1502", "CVE-2013-1723", "CVE-2013-0782", "CVE-2012-1953", "CVE-2012-1949", "CVE-2014-1542", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3169", "CVE-2012-3970", "CVE-2011-0053", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2010-3768", "CVE-2014-1477", "CVE-2013-0800", "CVE-2010-1212", "CVE-2013-1681", "CVE-2010-1211", "CVE-2010-1121", "CVE-2013-0773", "CVE-2013-0754", "CVE-2010-3167", "CVE-2012-4202", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2014-1540", "CVE-2014-1534", "CVE-2012-1941", "CVE-2013-1738", "CVE-2014-1482", "CVE-2014-1479", "CVE-2008-4066", "CVE-2008-5018", "CVE-2012-3984", "CVE-2014-1504", "CVE-2012-0444", "CVE-2011-3650", "CVE-2014-1511", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2012-4182", "CVE-2008-1233", "CVE-2012-4187", "CVE-2012-3983", "CVE-2011-0062", "CVE-2008-0016", "CVE-2011-3101", "CVE-2010-3168", "CVE-2013-0788", "CVE-2013-1728", "CVE-2014-1545", "CVE-2010-0173", "CVE-2012-0472", "CVE-2013-5592", "CVE-2013-1730", "CVE-2008-4059", "CVE-2010-2764", "CVE-2014-1492", "CVE-2011-0081", "CVE-2009-0771", "CVE-2007-3670", "CVE-2012-1954", "CVE-2009-0774", "CVE-2014-1556", "CVE-2012-0461", "CVE-2011-2376", "CVE-2012-3958", "CVE-2012-0469", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-1512", "CVE-2012-1975", "CVE-2011-0075", "CVE-2013-1690", "CVE-2012-0464", "CVE-2013-0775", "CVE-2012-1967", "CVE-2013-5604", "CVE-2014-1514", "CVE-2010-3166", "CVE-2011-0074", "CVE-2013-0801", "CVE-2012-3956", "CVE-2010-2769", "CVE-2012-3982", "CVE-2009-3555", "CVE-2013-1714", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-5021", "CVE-2008-5017", "CVE-2013-0769", "CVE-2012-3966", "CVE-2013-0771", "CVE-2014-1490", "CVE-2012-5839", "CVE-2013-0757", "CVE-2014-1498", "CVE-2012-1961", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2014-1565", "CVE-2012-3967", "CVE-2013-0749", "CVE-2011-3651", "CVE-2008-4060", "CVE-2007-3656", "CVE-2008-1234", "CVE-2012-1951", "CVE-2012-0475", "CVE-2014-1555", "CVE-2014-1564", "CVE-2012-1952", "CVE-2010-1201", "CVE-2013-0761", "CVE-2013-1669", "CVE-2010-1585", "CVE-2012-3959", "CVE-2012-0455", "CVE-2014-1558", "CVE-2011-0084", "CVE-2012-0759", "CVE-2007-3089", "CVE-2014-1519", "CVE-2013-1701", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2013-1684", "CVE-2008-4058", "CVE-2012-4184", "CVE-2012-0447", "CVE-2014-1547", "CVE-2011-3232", "CVE-2012-4205", "CVE-2014-1480", "CVE-2014-1500", "CVE-2011-0069", "CVE-2013-6630", "CVE-2008-5022", "CVE-2008-5512", "CVE-2014-1497", "CVE-2013-5596", "CVE-2012-3992", "CVE-2008-1235", "CVE-2013-1676", "CVE-2013-0789", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2013-1675", "CVE-2014-1478", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2012-1960", "CVE-2012-0445", "CVE-2012-0462", "CVE-2012-4217", "CVE-2013-1686", "CVE-2013-0745", "CVE-2013-0756", "CVE-2012-4218", "CVE-2013-0760", "CVE-2011-2377", "CVE-2014-1485", "CVE-2014-1493", "CVE-2007-3735", "CVE-2011-3000", "CVE-2010-2765", "CVE-2014-1544", "CVE-2010-2767", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2013-0767", "CVE-2010-3182", "CVE-2009-0776", "CVE-2013-5603", "CVE-2012-1959", "CVE-2011-2363", "CVE-2011-0070", "CVE-2013-1682", "CVE-2012-1947", "CVE-2013-6673", "CVE-2013-1674", "CVE-2013-0762", "CVE-2014-1562", "CVE-2010-3170", "CVE-2011-3005", "CVE-2012-4208", "CVE-2011-3658", "CVE-2014-1541", "CVE-2011-2373", "CVE-2008-5511", "CVE-2011-2992", "CVE-2014-1488", "CVE-2012-1957", "CVE-2012-1958", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2014-1552", "CVE-2010-3183", "CVE-2010-1202", "CVE-2012-0468", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-1549", "CVE-2013-1713", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2008-4061", "CVE-2013-5591", "CVE-2010-1199", "CVE-2012-4204", "CVE-2013-5602", "CVE-2011-2985", "CVE-2012-4192", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2013-0774", "CVE-2008-5024", "CVE-2013-0753", "CVE-2012-5833", "CVE-2014-1557", "CVE-2013-1736", "CVE-2014-1526", "CVE-2013-0776", "CVE-2012-3964", "CVE-2013-5593", "CVE-2014-1550", "CVE-2013-1718", "CVE-2012-5841", "CVE-2014-1533", "CVE-2013-1717", "CVE-2010-2754", "CVE-2008-5507", "CVE-2012-3990", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2008-4065", "CVE-2013-1693", "CVE-2010-2760", "CVE-2013-0750", "CVE-2012-1937", "CVE-2014-1560", "CVE-2012-4215", "CVE-2013-6629", "CVE-2012-0463", "CVE-2013-1677", "CVE-2011-2991", "CVE-2013-0770", "CVE-2013-0793", "CVE-2012-4179", "CVE-2011-3001", "CVE-2014-1483", "CVE-2014-1489", "CVE-2011-3062", "CVE-2012-0477", "CVE-2013-1722", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2013-1710", "CVE-2012-0467", "CVE-2012-0458", "CVE-2013-0758", "CVE-2013-5600", "CVE-2010-2752", "CVE-2014-1499", "CVE-2014-1518", "CVE-2012-0471", "CVE-2012-3961", "CVE-2014-1561", "CVE-2012-3971", "CVE-2013-0764", "CVE-2014-1528", "CVE-2013-5618", "CVE-2011-0072"], "description": "This patch contains security updates for\n\n * mozilla-nss 3.16.4\n - The following 1024-bit root CA certificate was restored to allow more\n time to develop a better transition strategy for affected sites. It\n was removed in NSS 3.16.3, but discussion in the\n mozilla.dev.security.policy forum led to the decision to keep this\n root included longer in order to give website administrators more time\n to update their web servers.\n - CN = GTE CyberTrust Global Root\n * In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification\n Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit\n intermediate CA certificate has been included, without explicit trust.\n The intention is to mitigate the effects of the previous removal of\n the 1024-bit Entrust.net root certificate, because many public\n Internet sites still use the "USERTrust Legacy Secure Server CA"\n intermediate certificate that is signed by the 1024-bit Entrust.net\n root certificate. The inclusion of the intermediate certificate is a\n temporary measure to allow those sites to function, by allowing them\n to find a trust path to another 2048-bit root CA certificate. The\n temporarily included intermediate certificate expires November 1, 2015.\n\n * Firefox 31.1esr Firefox is updated from 24esr to 31esr as maintenance\n for version 24 stopped\n\n", "modified": "2014-09-09T18:04:16", "published": "2014-09-09T18:04:16", "id": "OPENSUSE-SU-2014:1100-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00004.html", "type": "suse", "title": "Firefox update to 31.1esr (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
