Lucene search
HistoryDec 20, 2012 - 12:02 p.m.
CVE-2012-6271
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.7
Confidence
Low
EPSS
0.005
Percentile
77.0%
Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an outdated Xtra.
Affected configurations
Node
adobeshockwave_playerRange≤11.6.8.638
ORadobeshockwave_playerMatch1.0
ORadobeshockwave_playerMatch2.0
ORadobeshockwave_playerMatch3.0
ORadobeshockwave_playerMatch4.0
ORadobeshockwave_playerMatch5.0
ORadobeshockwave_playerMatch6.0
ORadobeshockwave_playerMatch8.0
ORadobeshockwave_playerMatch8.0.196
ORadobeshockwave_playerMatch8.0.196a
ORadobeshockwave_playerMatch8.0.204
ORadobeshockwave_playerMatch8.0.205
ORadobeshockwave_playerMatch8.5.1
ORadobeshockwave_playerMatch8.5.1.100
ORadobeshockwave_playerMatch8.5.1.103
ORadobeshockwave_playerMatch8.5.1.105
ORadobeshockwave_playerMatch8.5.1.106
ORadobeshockwave_playerMatch8.5.321
ORadobeshockwave_playerMatch8.5.323
ORadobeshockwave_playerMatch8.5.324
ORadobeshockwave_playerMatch8.5.325
ORadobeshockwave_playerMatch9.0.383
ORadobeshockwave_playerMatch9.0.432
ORadobeshockwave_playerMatch10.0.0.210
ORadobeshockwave_playerMatch10.0.1.004
ORadobeshockwave_playerMatch10.1.0.11
ORadobeshockwave_playerMatch10.1.0.011
ORadobeshockwave_playerMatch10.1.1.016
ORadobeshockwave_playerMatch10.1.4.020
ORadobeshockwave_playerMatch10.2.0.021
ORadobeshockwave_playerMatch10.2.0.022
ORadobeshockwave_playerMatch10.2.0.023
ORadobeshockwave_playerMatch11.0.0.456
ORadobeshockwave_playerMatch11.0.3.471
ORadobeshockwave_playerMatch11.5.0.595
ORadobeshockwave_playerMatch11.5.0.596
ORadobeshockwave_playerMatch11.5.1.601
ORadobeshockwave_playerMatch11.5.2.602
ORadobeshockwave_playerMatch11.5.6.606
ORadobeshockwave_playerMatch11.5.7.609
ORadobeshockwave_playerMatch11.5.8.612
ORadobeshockwave_playerMatch11.5.9.615
ORadobeshockwave_playerMatch11.5.9.620
ORadobeshockwave_playerMatch11.5.10.620
ORadobeshockwave_playerMatch11.6.0.626
ORadobeshockwave_playerMatch11.6.1.629
ORadobeshockwave_playerMatch11.6.3.633
ORadobeshockwave_playerMatch11.6.4.634
ORadobeshockwave_playerMatch11.6.5.635
ORadobeshockwave_playerMatch11.6.6.636
ORadobeshockwave_playerMatch11.6.7.637
| Vendor | Product | Version | CPE |
|---|---|---|---|
| adobe | shockwave_player | * | cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:* |
| adobe | shockwave_player | 1.0 | cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:* |
| adobe | shockwave_player | 2.0 | cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:* |
| adobe | shockwave_player | 3.0 | cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:* |
| adobe | shockwave_player | 4.0 | cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:* |
| adobe | shockwave_player | 5.0 | cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:* |
| adobe | shockwave_player | 6.0 | cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:* |
| adobe | shockwave_player | 8.0 | cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:* |
| adobe | shockwave_player | 8.0.196 | cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:* |
| adobe | shockwave_player | 8.0.196a | cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:* |
Related
cert
cert
Adobe Shockwave player installs Xtras without prompting
2012-12-17 00:00:00
cve
cve
CVE-2012-6271
2012-12-20 12:02:20
prion
prion
Design/Logic Flaw
2012-12-20 12:02:00
cvelist
cvelist
CVE-2012-6271
2012-12-20 11:00:00
openvas
openvas
Adobe Shockwave Player Multiple Vulnerabilities (Jan 2013) - Windows
2013-01-02 00:00:00
Adobe Shockwave Player Multiple Vulnerabilities Jan-2013 (Windows)
2013-01-02 00:00:00
Adobe Shockwave Player Multiple Vulnerabilities Jan-2013 (Mac OS X)
2013-01-02 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.7
Confidence
Low
EPSS
0.005
Percentile
77.0%
Related for NVD:CVE-2012-6271