{"id": "SECURITYVULNS:VULN:14593", "bulletinFamily": "software", "title": "Adobe Shockwave Player security vulnerabilities", "description": "Memory corruptions.", "published": "2015-07-19T00:00:00", "modified": "2015-07-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14593", "reporter": "ADOBE", "references": [], "cvelist": ["CVE-2015-5120", "CVE-2015-5121"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:01", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "a4a96b0140af76c267cfcd90e63779e2"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "f85c4c3078c12198fa211789b25b0dce"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "38e732c7489fe7e100b5453848efdd59"}, {"key": "href", "hash": "43d1659070e6bdd8bd78065325a2ddc5"}, {"key": "modified", "hash": "d10460e04c9b4476c31bfd0577b5a9e3"}, {"key": "published", "hash": "d10460e04c9b4476c31bfd0577b5a9e3"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "e66fb857e48e693271f76d3043daec74"}, {"key": "title", "hash": "0dabf7b4f3ae5752de6a5fbf23ae6fcc"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "56dbe2ac86334127f87223200e1606d17db39902dac08c83c70960e8d3c7777b", "viewCount": 2, "enchantments": {"score": {"value": 9.3, "vector": "NONE", "modified": "2018-08-31T11:10:01"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-5121", "CVE-2015-5120"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805926", "OPENVAS:1361412562310805925"]}, {"type": "nessus", "idList": ["SHOCKWAVE_PLAYER_APSB15-17.NASL", "MACOSX_SHOCKWAVE_PLAYER_APSB15-17.NASL"]}, {"type": "kaspersky", "idList": ["KLA10625"]}], "modified": "2018-08-31T11:10:01"}, "vulnersScore": 9.3}, "objectVersion": "1.3", "affectedSoftware": [{"name": "Shockwave Player", "operator": "eq", "version": "12.1"}]}

{"cve": [{"lastseen": "2017-04-18T15:57:27", "bulletinFamily": "NVD", "description": "Adobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5120.", "modified": "2016-12-29T08:16:22", "published": "2015-07-14T19:59:04", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5121", "id": "CVE-2015-5121", "title": "CVE-2015-5121", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:57:27", "bulletinFamily": "NVD", "description": "Adobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5121.", "modified": "2016-12-29T08:16:19", "published": "2015-07-14T19:59:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5120", "id": "CVE-2015-5120", "title": "CVE-2015-5120", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:21:57", "bulletinFamily": "scanner", "description": "The remote Windows host contains a version of Adobe Shockwave Player\nthat is prior to or equal to 12.1.8.158. It is, therefore, affected by\nmultiple remote code execution vulnerabilities :\n\n - An unspecified memory corruption issue exists due to\n improper validation of user-supplied input. An attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2015-5120)\n\n - An unspecified memory corruption issue exists due to\n improper validation of user-supplied input. An attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2015-5121)", "modified": "2018-07-27T00:00:00", "published": "2015-07-15T00:00:00", "id": "SHOCKWAVE_PLAYER_APSB15-17.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84765", "title": "Adobe Shockwave Player <= 12.1.8.158 Multiple RCE Vulnerabilities (APSB15-17)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84765);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\"CVE-2015-5120\", \"CVE-2015-5121\");\n script_bugtraq_id(75736, 75736);\n\n script_name(english:\"Adobe Shockwave Player <= 12.1.8.158 Multiple RCE Vulnerabilities (APSB15-17)\");\n script_summary(english:\"Checks version of Shockwave Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser plugin that is affected\nby multiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe Shockwave Player\nthat is prior to or equal to 12.1.8.158. It is, therefore, affected by\nmultiple remote code execution vulnerabilities :\n\n - An unspecified memory corruption issue exists due to\n improper validation of user-supplied input. An attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2015-5120)\n\n - An unspecified memory corruption issue exists due to\n improper validation of user-supplied input. An attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2015-5121)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/shockwave/apsb15-17.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Shockwave Player 12.1.9.159 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2015/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2015/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_apsb09_08.nasl\");\n script_require_keys(\"SMB/shockwave_player\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\ninstalls = get_kb_list_or_exit(\"SMB/shockwave_player/*/path\");\n\nappname = \"Shockwave Player\";\n\nlatest_vuln_version = \"12.1.8.158\"; # versions <= this version are vuln\nfix = \"12.1.9.159\";\n\ninfo = NULL;\npattern = \"SMB/shockwave_player/([^/]+)/([^/]+)/path\";\n\nvuln = 0;\nforeach install (keys(installs))\n{\n match = eregmatch(string:install, pattern:pattern);\n if (!match) exit(1, \"Unexpected format of KB key '\" + install + \"'.\");\n\n file = installs[install];\n variant = match[1];\n version = match[2];\n\n if (ver_compare(ver:version, fix:latest_vuln_version) <= 0)\n {\n if (variant == \"Plugin\")\n info += '\\n Variant : Browser Plugin (for Firefox / Netscape / Opera)';\n else if (variant == \"ActiveX\")\n info += '\\n Variant : ActiveX control (for Internet Explorer)';\n info +=\n '\\n File : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n vuln++;\n }\n}\n\nif (!info) audit(AUDIT_INST_VER_NOT_VULN, appname);\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\nif (report_verbosity > 0)\n{\n if (vuln > 1) s = \"s\";\n else s = \"\";\n\n report =\n '\\n' + 'Nessus has identified the following vulnerable instance' + s + ' of Shockwave'+\n '\\n' + 'Player installed on the remote host :' +\n '\\n' +\n info + '\\n';\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:21:57", "bulletinFamily": "scanner", "description": "The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is prior to or equal to 12.1.8.158. It is, therefore, affected by\nmultiple remote code execution vulnerabilities :\n\n - An unspecified memory corruption issue exists due to\n improper validation of user-supplied input. An attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2015-5120)\n\n - An unspecified memory corruption issue exists due to\n improper validation of user-supplied input. An attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2015-5121)", "modified": "2018-07-14T00:00:00", "published": "2015-07-15T00:00:00", "id": "MACOSX_SHOCKWAVE_PLAYER_APSB15-17.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84764", "title": "Adobe Shockwave Player <= 12.1.8.158 Multiple RCE Vulnerabilities (APSB15-17) (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84764);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\"CVE-2015-5120\", \"CVE-2015-5121\");\n script_bugtraq_id(75736, 75736);\n\n script_name(english:\"Adobe Shockwave Player <= 12.1.8.158 Multiple RCE Vulnerabilities (APSB15-17) (Mac OS X)\");\n script_summary(english:\"Checks version of Shockwave Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser plugin that is\naffected by multiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is prior to or equal to 12.1.8.158. It is, therefore, affected by\nmultiple remote code execution vulnerabilities :\n\n - An unspecified memory corruption issue exists due to\n improper validation of user-supplied input. An attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2015-5120)\n\n - An unspecified memory corruption issue exists due to\n improper validation of user-supplied input. An attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2015-5121)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/shockwave/apsb15-17.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Shockwave Player 12.1.9.159 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2015/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2015/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_detect_macosx.nbin\");\n script_require_keys(\"installed_sw/Shockwave Player\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp = 'Shockwave Player';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\nif (ver_compare(ver:ver, fix:'12.1.8.158', strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed versions : 12.1.9.159' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(port:0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-10-22T16:39:45", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Shockwave\n Player and is prone to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-07-16T00:00:00", "id": "OPENVAS:1361412562310805926", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805926", "title": "Adobe Shockwave Player Multiple Vulnerabilities -01 July15 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_mult_vuln01_jul15_macosx.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities -01 July15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805926\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-5120\", \"CVE-2015-5121\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-16 12:33:59 +0530 (Thu, 16 Jul 2015)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities -01 July15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave\n Player and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Flaws are due to some unspecified errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct denial of service attack and potentially execute arbitrary\n code in the context of the affected user.\");\n\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player version before\n 12.1.9.159 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player version\n 12.1.9.159 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/shockwave/apsb15-17.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Shockwave/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/shockwave\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"12.1.9.159\"))\n{\n report = 'Installed version: ' + playerVer + '\\n' +\n 'Fixed version: ' + \"12.1.9.159\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:39:13", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Shockwave\n Player and is prone to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-07-16T00:00:00", "id": "OPENVAS:1361412562310805925", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805925", "title": "Adobe Shockwave Player Multiple Vulnerabilities -01 July15 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_mult_vuln01_jul15_win.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Adobe Shockwave Player Multiple Vulnerabilities -01 July15 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:shockwave_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805925\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-5120\", \"CVE-2015-5121\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-16 12:25:12 +0530 (Thu, 16 Jul 2015)\");\n script_name(\"Adobe Shockwave Player Multiple Vulnerabilities -01 July15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave\n Player and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Flaws are due to some unspecified errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct denial of service attack and potentially execute arbitrary\n code in the context of the affected user.\");\n\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player version before\n 12.1.9.159 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player version\n 12.1.9.159 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/shockwave/apsb15-17.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_mandatory_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/shockwave\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"12.1.9.159\"))\n{\n report = 'Installed version: ' + playerVer + '\\n' +\n 'Fixed version: ' + \"12.1.9.159\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2019-02-15T12:33:46", "bulletinFamily": "info", "description": "### *Detect date*:\n07/14/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nAn unspecified vulnerability was found in Adobe Shockwave Player. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via an unknown vectors.\n\n### *Affected products*:\nAdobe Shockwave Player vresions earlier than 12.1.9.159\n\n### *Solution*:\nUpdate to the latest version \n[Get Shockwave Player](<https://get.adobe.com/shockwave/>)\n\n### *Original advisories*:\n[Adobe advisory](<https://helpx.adobe.com/security/products/shockwave/apsb15-17.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Shockwave Player](<https://threats.kaspersky.com/en/product/Adobe-Shockwave-Player/>)\n\n### *CVE-IDS*:\n[CVE-2015-5120](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5120>) \n[CVE-2015-5121](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5121>)", "modified": "2019-02-13T00:00:00", "published": "2015-07-14T00:00:00", "id": "KLA10625", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10625", "title": "\r KLA10625Code execution vulnerability in Adobe Shockwave Player ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}