BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Multiple Vulnerabilities in Adobe Shockwave Player

Disclosed December 17, 2012    No Patch Available

Vulnerability Description:

VU#546769 (CVE-2012-6270):
Under certain circumstances, Adobe Shockwave Player will install an older version of the runtime, when legacy components are required by a Shockwave file. This enables attackers to target known vulnerabilities that exist in legacy components, which opens users up to the potential to be exploited.
 
VU#323161 (no CVE listed):
The full installer for Adobe Shockwave Player 11.6.8.638 installs an old version of Flash Player (10.2.159.1), which contains multiple vulnerabilities known to be exploitable. Users who use this full installer leave themselves open to attackers who attempt to exploit vulnerabilities in that version of Flash Player.
 
VU#519137 (CVE-2012-6271):
In the case that Adobe Shockwave Player is missing a component, known as an Xtra, it will be downloaded so that the Shockwave content can be played. If Adobe or Macromedia has signed the Xtra that is downloaded, the Xtra will be installed automatically with no user interaction. However, since the URL used to download the Xtra can be provided by the Shockwave file that requires the component, an attacker could provide a URL to a vulnerable version of an Xtra that has been signed by Adobe/Macromedia. The attacker could then exploit that vulnerable Xtra, granting them the ability to execute arbitrary code on the user’s system.

Vendors:

Adobe

Vulnerable Software/Devices:

Adobe Shockwave Player 11.6.8.638 and earlier

Vulnerability Severity:

High

Exploit Availability:

N/A

Exploit Impact:

Remote Code Execution
Remote Code Execution Exploitation of these vulnerabilities is possible through the use of methods like drive-by attacks. Remote attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as the currently logged on user.

BeyondTrust Prevention and Detection:

 

Mitigation:

Block the Shockwave Player ActiveX control in Internet Explorer by setting killbits for the following CLSIDs:
- {166B1BCA-3F9C-11CF-8075-444553540000}
- {233C1507-6A77-46A4-9443-F871F945D258}

Links:

CVE(s):

None

Leave a Reply