Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6271

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-6271
Last Modified 29 Jan 2013 12:00:00
Published 20 Dec 2012 07:02:20
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-6271

Summary

Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an outdated Xtra.

Vulnerable Systems

Application

  • Adobe Shockwave Player 1.0

  • Adobe Shockwave Player 10.0.0.210

  • Adobe Shockwave Player 10.0.1.004

  • Adobe Shockwave Player 10.1.0.011

  • Adobe Shockwave Player 10.1.0.11

  • Adobe Shockwave Player 10.1.1.016

  • Adobe Shockwave Player 10.1.4.020

  • Adobe Shockwave Player 10.2.0.021

  • Adobe Shockwave Player 10.2.0.022

  • Adobe Shockwave Player 10.2.0.023

  • Adobe Shockwave Player 11.0.0.456

  • Adobe Shockwave Player 11.0.3.471

  • Adobe Shockwave Player 11.5.0.595

  • Adobe Shockwave Player 11.5.0.596

  • Adobe Shockwave Player 11.5.1.601

  • Adobe Shockwave Player 11.5.10.620

  • Adobe Shockwave Player 11.5.2.602

  • Adobe Shockwave Player 11.5.6.606

  • Adobe Shockwave Player 11.5.7.609

  • Adobe Shockwave Player 11.5.8.612

  • Adobe Shockwave Player 11.5.9.615

  • Adobe Shockwave Player 11.5.9.620

  • Adobe Shockwave Player 11.6.0.626

  • Adobe Shockwave Player 11.6.1.629

  • Adobe Shockwave Player 11.6.3.633

  • Adobe Shockwave Player 11.6.4.634

  • Adobe Shockwave Player 11.6.5.635

  • Adobe Shockwave Player 11.6.6.636

  • Adobe Shockwave Player 11.6.7.637

  • Adobe Shockwave Player 11.6.8.638

  • Adobe Shockwave Player 2.0

  • Adobe Shockwave Player 3.0

  • Adobe Shockwave Player 4.0

  • Adobe Shockwave Player 5.0

  • Adobe Shockwave Player 6.0

  • Adobe Shockwave Player 8.0

  • Adobe Shockwave Player 8.0.196

  • Adobe Shockwave Player 8.0.196a

  • Adobe Shockwave Player 8.0.204

  • Adobe Shockwave Player 8.0.205

  • Adobe Shockwave Player 8.5.1

  • Adobe Shockwave Player 8.5.1.100

  • Adobe Shockwave Player 8.5.1.103

  • Adobe Shockwave Player 8.5.1.105

  • Adobe Shockwave Player 8.5.1.106

  • Adobe Shockwave Player 8.5.321

  • Adobe Shockwave Player 8.5.323

  • Adobe Shockwave Player 8.5.324

  • Adobe Shockwave Player 8.5.325

  • Adobe Shockwave Player 9.0.383

  • Adobe Shockwave Player 9.0.432


References

CERT-VN - VU#519137


Last Updated: 27 May 2016 11:01:28