SB2012102401 - Multiple vulnerabilities in Adobe Shockwave Player
Published: October 24, 2012 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2012-4172)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, and CVE-2012-5273.
2) Buffer overflow (CVE-ID: CVE-2012-4173)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4174, CVE-2012-4175, and CVE-2012-5273.
3) Buffer overflow (CVE-ID: CVE-2012-4174)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4175, and CVE-2012-5273.
4) Buffer overflow (CVE-ID: CVE-2012-4175)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, and CVE-2012-5273.
5) Input validation error (CVE-ID: CVE-2012-4176)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Array index error in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors.
6) Buffer overflow (CVE-ID: CVE-2012-5273)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, and CVE-2012-4175.
Remediation
Install update from vendor's website.
References
- http://osvdb.org/86537
- http://www.adobe.com/support/security/bulletins/apsb12-23.html
- http://www.kb.cert.org/vuls/id/872545
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79544
- http://osvdb.org/86538
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79545
- http://osvdb.org/86539
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79546
- http://osvdb.org/86540
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79547
- http://osvdb.org/86542
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79548
- http://osvdb.org/86541
- http://www.securityfocus.com/bid/56187