| VID |
28280 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A version of Shockwave Player which is older than 11.5.8.612 has been installed on the host. remote Windows host contains a web browser plugin which is affected by multiple vulnerabilities. The remote Windows host contains a version of Adobe's Shockwave Player that is earlier than 11.5.8.612. Such versions are potentially affected by multiple issues.
- Multiple memory corruption issues exist that could lead to arbitrary code execution. (CVE-2010-2863, CVE-2010-2864, CVE-2010-2866, CVE-2010-2869, CVE-2010-2870, CVE-2010-2871, CVE-2010-2872, CVE-2010-2873, CVE-2010-2873, CVE-2010-2874, CVE-2010-2875, CVE-2010-2876, CVE-2010-2877, CVE-2010-2878, CVE-2010-2880, CVE-2010-2881, CVE-2010-2882)
- A pointer offset vulnerability exists that could lead to code execution. (CVE-2010-2867)
- Multiple unspecified denial of service issues exist. (CVE-2010-2865, CVE-2010-2868)
- An integer overflow vulnerability exists that could lead to lead to code execution. (CVE-2010-2879)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.adobe.com/support/security/bulletins/apsb10-20.html
* Platforms Affected:
Shockwave Player versions prior to 11.5.8.612
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version Shockwave Player (11.5.8.612 or later), available from the Adobe Web site at http://get.adobe.com/shockwave/ |
| Related URL |
CVE-2010-2863,CVE-2010-2864,CVE-2010-2865,CVE-2010-2866,CVE-2010-2867,CVE-2010-2868,CVE-2010-2869,CVE-2010-2870,CVE-2010-2871 (CVE) |
| Related URL |
42664,42665,42666,42667,42668,42669,42670,42671,42672,42673,42674,42675,42676,42677,42678,42679,42680,42682,42683,42684 (SecurityFocus) |
| Related URL |
(ISS) |
|
