CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
75.0%
Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of a Shockwave Player 10.4.0.025 compatibility feature via a crafted HTML document that references Shockwave content with a certain compatibility parameter, related to a “downgrading” attack.
Vendor | Product | Version | CPE |
---|---|---|---|
adobe | shockwave_player | 11.0.3.471 | cpe:/a:adobe:shockwave_player:11.0.3.471::: |
adobe | shockwave_player | 4.0 | cpe:/a:adobe:shockwave_player:4.0::: |
adobe | shockwave_player | 8.0.196a | cpe:/a:adobe:shockwave_player:8.0.196a::: |
adobe | shockwave_player | 11.6.7.637 | cpe:/a:adobe:shockwave_player:11.6.7.637::: |
adobe | shockwave_player | 8.5.321 | cpe:/a:adobe:shockwave_player:8.5.321::: |
adobe | shockwave_player | 11.5.0.595 | cpe:/a:adobe:shockwave_player:11.5.0.595::: |
adobe | shockwave_player | 11.6.4.634 | cpe:/a:adobe:shockwave_player:11.6.4.634::: |
adobe | shockwave_player | 10.2.0.023 | cpe:/a:adobe:shockwave_player:10.2.0.023::: |
adobe | shockwave_player | 9.0.383 | cpe:/a:adobe:shockwave_player:9.0.383::: |
adobe | shockwave_player | 11.5.9.615 | cpe:/a:adobe:shockwave_player:11.5.9.615::: |