{"cve": [{"lastseen": "2017-10-12T18:09:42", "bulletinFamily": "NVD", "description": "Adobe Shockwave Player before 12.0.0.112 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.", "modified": "2013-05-03T23:23:14", "published": "2013-02-13T16:55:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0635", "id": "CVE-2013-0635", "title": "CVE-2013-0635", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T18:09:42", "bulletinFamily": "NVD", "description": "Stack-based buffer overflow in Adobe Shockwave Player before 12.0.0.112 allows attackers to execute arbitrary code via unspecified vectors.", "modified": "2013-05-03T23:23:14", "published": "2013-02-13T16:55:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0636", "id": "CVE-2013-0636", "title": "CVE-2013-0636", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-02T21:11:12", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Shockwave player and is prone to\n multiple vulnerabilities.", "modified": "2017-05-08T00:00:00", "published": "2013-02-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=803413", "id": "OPENVAS:803413", "title": "Adobe Shockwave Player Multiple Vulnerabilities -01 Feb13 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln01_feb13_win.nasl 6079 2017-05-08 09:03:33Z teissa $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities -01 Feb13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free 
software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to cause buffer overflow,\n remote code execution, and corrupt system memory.\n Impact Level: System/Application\";\n\ntag_affected = \"Adobe Shockwave Player Version 11.6.8.638 and prior on Windows\";\ntag_insight = \"Multiple flaws due to unspecified error.\";\ntag_solution = \"Update to version 12.0.0.112 or later,\n For updates refer to http://get.adobe.com/shockwave\";\ntag_summary = \"This host is installed with Adobe Shockwave player and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(803413);\n script_version(\"$Revision: 6079 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-08 11:03:33 +0200 (Mon, 08 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 18:56:37 +0530 (Fri, 15 Feb 2013)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2013-0635\",\"CVE-2013-0636\");\n script_bugtraq_id(57906, 57908);\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities -01 Feb13 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/52120\");\n script_xref(name : \"URL\" , value 
: \"http://www.qualys.com/research/alerts/view.php/2013-02-12-2\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb13-06.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_require_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nplayerVer = \"\";\n\n# Check for Adobe Shockwave Player Version prior to 11.6.8.639\nplayerVer = get_kb_item(\"Adobe/ShockwavePlayer/Ver\");\nif(playerVer != NULL)\n{\n if(version_is_less_equal(version:playerVer, test_version:\"11.6.8.638\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:41:37", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Shockwave player and is prone to\n multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2013-02-15T00:00:00", "id": "OPENVAS:1361412562310803414", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803414", "title": "Adobe Shockwave Player Multiple Vulnerabilities -01 Feb13 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln01_feb13_macosx.nasl 11865 2018-10-12 10:03:43Z cfischer $\n#\n# Adobe 
Shockwave Player Multiple Vulnerabilities -01 Feb13 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803414\");\n script_version(\"$Revision: 11865 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 19:12:08 +0530 (Fri, 15 Feb 2013)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2013-0635\", \"CVE-2013-0636\");\n script_bugtraq_id(57906, 57908);\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities -01 Feb13 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/52120\");\n script_xref(name:\"URL\", value:\"http://www.qualys.com/research/alerts/view.php/2013-02-12-2\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb13-06.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n 
script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Shockwave/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause buffer overflow,\n remote code execution, and corrupt system memory.\");\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player Version 11.6.8.638 and prior on Mac OS X\");\n script_tag(name:\"insight\", value:\"Multiple flaws due to unspecified error.\");\n script_tag(name:\"solution\", value:\"Update to version 12.0.0.112 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave player and is prone to\n multiple vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://get.adobe.com/shockwave\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nplayerVer = get_kb_item(\"Adobe/Shockwave/MacOSX/Version\");\nif(playerVer != NULL)\n{\n if(version_is_less_equal(version:playerVer, test_version:\"11.6.8.638\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:11:05", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Shockwave player and is prone to\n multiple vulnerabilities.", "modified": "2017-05-11T00:00:00", "published": "2013-02-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=803414", "id": "OPENVAS:803414", "title": "Adobe Shockwave Player Multiple Vulnerabilities -01 Feb13 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln01_feb13_macosx.nasl 6104 2017-05-11 09:03:48Z 
teissa $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities -01 Feb13 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to cause buffer overflow,\n remote code execution, and corrupt system memory.\n Impact Level: System/Application\";\n\ntag_affected = \"Adobe Shockwave Player Version 11.6.8.638 and prior on Mac OS X\";\ntag_insight = \"Multiple flaws due to unspecified error.\";\ntag_solution = \"Update to version 12.0.0.112 or later,\n For updates refer to http://get.adobe.com/shockwave\";\ntag_summary = \"This host is installed with Adobe Shockwave player and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(803414);\n script_version(\"$Revision: 6104 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-11 11:03:48 +0200 (Thu, 11 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 19:12:08 +0530 (Fri, 15 Feb 2013)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_cve_id(\"CVE-2013-0635\",\"CVE-2013-0636\");\n script_bugtraq_id(57906, 57908);\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities -01 Feb13 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/52120\");\n script_xref(name : \"URL\" , value : \"http://www.qualys.com/research/alerts/view.php/2013-02-12-2\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb13-06.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_detect_macosx.nasl\");\n script_require_keys(\"Adobe/Shockwave/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nplayerVer = \"\";\n\n# Check for Adobe Shockwave Player Version prior to 11.6.8.639\nplayerVer = get_kb_item(\"Adobe/Shockwave/MacOSX/Version\");\nif(playerVer != NULL)\n{\n if(version_is_less_equal(version:playerVer, test_version:\"11.6.8.638\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:42:07", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Shockwave player and is prone to\n multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2013-02-15T00:00:00", "id": "OPENVAS:1361412562310803413", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803413", "title": "Adobe Shockwave Player 
Multiple Vulnerabilities -01 Feb13 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_vuln01_feb13_win.nasl 11865 2018-10-12 10:03:43Z cfischer $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities -01 Feb13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803413\");\n script_version(\"$Revision: 11865 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 18:56:37 +0530 (Fri, 15 Feb 2013)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2013-0635\", \"CVE-2013-0636\");\n script_bugtraq_id(57906, 57908);\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities -01 Feb13 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/52120\");\n script_xref(name:\"URL\", 
value:\"http://www.qualys.com/research/alerts/view.php/2013-02-12-2\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb13-06.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_mandatory_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause buffer overflow,\n remote code execution, and corrupt system memory.\");\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player Version 11.6.8.638 and prior on Windows\");\n script_tag(name:\"insight\", value:\"Multiple flaws due to unspecified error.\");\n script_tag(name:\"solution\", value:\"Update to version 12.0.0.112 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave player and is prone to\n multiple vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://get.adobe.com/shockwave\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nplayerVer = get_kb_item(\"Adobe/ShockwavePlayer/Ver\");\nif(playerVer != NULL)\n{\n if(version_is_less_equal(version:playerVer, test_version:\"11.6.8.638\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:20:30", "bulletinFamily": "scanner", "description": "The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is equal to or prior than 11.6.8.638. 
It is, therefore, affected\nby the following vulnerabilities :\n\n - An unspecified memory corruption error exists that\n allows a denial of service or arbitrary code execution.\n (CVE-2013-0635)\n\n - A stack-based buffer overflow exists that allows code\n execution. (CVE-2013-0636)\n\nA remote attacker can exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.", "modified": "2018-07-14T00:00:00", "published": "2014-12-22T00:00:00", "id": "MACOSX_SHOCKWAVE_PLAYER_APSB13-06.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80183", "title": "Adobe Shockwave Player <= 11.6.8.638 Multiple Vulnerabilities (APSB13-06) (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80183);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\"CVE-2013-0635\", \"CVE-2013-0636\");\n script_bugtraq_id(57906, 57908);\n\n script_name(english:\"Adobe Shockwave Player <= 11.6.8.638 Multiple Vulnerabilities (APSB13-06) (Mac OS X)\");\n script_summary(english:\"Checks the version of Shockwave Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is equal to or prior than 11.6.8.638. It is, therefore, affected\nby the following vulnerabilities :\n\n - An unspecified memory corruption error exists that\n allows a denial of service or arbitrary code execution.\n (CVE-2013-0635)\n\n - A stacked-based buffer overflow exists that allows code\n execution. 
(CVE-2013-0636)\n\nA remote attacker can exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb13-06.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Shockwave Player 12.0.0.112 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_detect_macosx.nbin\");\n script_require_keys(\"installed_sw/Shockwave Player\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp = 'Shockwave Player';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\nif (ver_compare(ver:ver, fix:'11.6.8.638', strict:FALSE) <= 
0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed versions : 12.0.0.112' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(port:0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:15:39", "bulletinFamily": "scanner", "description": "The remote Windows host contains a version of Adobe's Shockwave Player\nthat is equal to or earlier than 11.6.8.638 and is, therefore,\npotentially affected by the following vulnerabilities :\n\n - An unspecified memory corruption error exists that could\n lead to denial of service or potentially arbitrary code execution.\n (CVE-2013-0635)\n\n - A stack-based buffer overflow exists that could lead to\n code execution. (CVE-2013-0636)\n\nA remote attacker could exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.", "modified": "2018-07-27T00:00:00", "published": "2013-02-13T00:00:00", "id": "SHOCKWAVE_PLAYER_APSB13-06.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64621", "title": "Shockwave Player <= 11.6.8.638 Multiple Vulnerabilities (APSB13-06)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64621);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\"CVE-2013-0635\", \"CVE-2013-0636\");\n script_bugtraq_id(57906, 57908);\n\n script_name(english:\"Shockwave Player <= 11.6.8.638 Multiple Vulnerabilities (APSB13-06)\");\n script_summary(english:\"Checks version of Shockwave Player\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains a web browser plugin that is affected\nby multiple vulnerabilities.\"\n );\n script_set_attribute(\n 
attribute:\"description\",\n value:\n\"The remote Windows host contains a version of Adobe's Shockwave Player\nthat is equal to or earlier than 11.6.8.638 and is, therefore,\npotentially affected by the following vulnerabilities :\n\n - An unspecified memory corruption error exists that could\n lead to denial or potentially arbitrary code execution.\n (CVE-2013-0635)\n\n - A stacked-based buffer overflow exists that could lead to\n code execution. (CVE-2013-0636)\n\nA remote attacker could exploit these issues by tricking a user into\nviewing a malicious Shockwave file, resulting in arbitrary code\nexecution.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb13-06.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Shockwave Player 12.0.0.112 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_apsb09_08.nasl\");\n script_require_keys(\"SMB/shockwave_player\");\n\n 
exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\ninstalls = get_kb_list_or_exit(\"SMB/shockwave_player/*/path\");\n\nappname = \"Shockwave Player\";\n\nlatest_vuln_version = \"11.6.8.638\"; # versions <= this version are vuln\nfix = \"12.0.0.112\";\n\ninfo = NULL;\npattern = \"SMB/shockwave_player/([^/]+)/([^/]+)/path\";\n\nvuln = 0;\nforeach install (keys(installs))\n{\n match = eregmatch(string:install, pattern:pattern);\n if (!match) exit(1, \"Unexpected format of KB key '\" + install + \"'.\");\n\n file = installs[install];\n variant = match[1];\n version = match[2];\n\n if (ver_compare(ver:version, fix:latest_vuln_version) <= 0)\n {\n if (variant == \"Plugin\")\n info += '\\n Variant : Browser Plugin (for Firefox / Netscape / Opera)';\n else if (variant == \"ActiveX\")\n info += '\\n Variant : ActiveX control (for Internet Explorer)';\n info +=\n '\\n File : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n vuln++;\n }\n}\n\nif (!info) audit(AUDIT_INST_VER_NOT_VULN, appname);\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\nif (report_verbosity > 0)\n{\n if (vuln > 1) s = \"s\";\n else s = \"\";\n\n report =\n '\\nNessus has identified the following vulnerable instance' + s + ' of Shockwave'+\n '\\nPlayer installed on the remote host :' +\n '\\n' +\n info + '\\n';\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}