Vulnerabilities > CVE-2019-7104 - Out-of-bounds Write vulnerability in Adobe Shockwave Player
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SHOCKWAVE_PLAYER_APSB19-20.NASL description The remote Mac OS X host contains a version of Adobe Shockwave Player that is prior or equal to 12.3.4.204. It is, therefore, affected by multiple memory corruption vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 124027 published 2019-04-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124027 title Adobe Shockwave Player <= 12.3.4.204 Multiple memory corruption vulnerabilities (APSB19-20) (Mac OS X) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124027); script_version("1.2"); script_cvs_date("Date: 2019/10/30 13:24:46"); script_cve_id( "CVE-2019-7098", "CVE-2019-7099", "CVE-2019-7100", "CVE-2019-7101", "CVE-2019-7102", "CVE-2019-7103", "CVE-2019-7104" ); script_xref(name:"IAVA", value:"2019-A-0103"); script_name(english:"Adobe Shockwave Player <= 12.3.4.204 Multiple memory corruption vulnerabilities (APSB19-20) (Mac OS X)"); script_summary(english:"Checks the version of Shockwave Player."); script_set_attribute(attribute:"synopsis", value: "The remote Mac OS X host contains a web browser plugin that is affected by multiple remote code execution vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Mac OS X host contains a version of Adobe Shockwave Player that is prior or equal to 12.3.4.204. It is, therefore, affected by multiple memory corruption vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code."); # https://helpx.adobe.com/security/products/shockwave/apsb19-20.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b837125a"); script_set_attribute(attribute:"solution", value: "Upgrade to Adobe Shockwave Player 12.3.5.205 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7104"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date",value:"2019/04/09"); script_set_attribute(attribute:"patch_publication_date",value:"2019/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/12"); script_set_attribute(attribute:"agent", value:"all"); script_set_attribute(attribute:"plugin_type",value:"local"); script_set_attribute(attribute:"cpe",value:"cpe:/a:adobe:shockwave_player"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("shockwave_player_detect_macosx.nbin"); script_require_keys("installed_sw/Shockwave Player", "Host/MacOSX/Version", "Host/local_checks_enabled"); exit(0); } include('vcf.inc'); get_kb_item_or_exit('Host/local_checks_enabled'); os = get_kb_item('Host/MacOSX/Version'); if (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X'); app = 'Shockwave Player'; max_ver = '12.3.4.204'; fix_ver = '12.3.5.205'; app_info = vcf::get_app_info(app:app); constraints = [{ 'max_version' : max_ver, 'fixed_version' : fix_ver }]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
NASL family Windows NASL id SHOCKWAVE_PLAYER_APSB19-20.NASL description The remote Windows host contains a version of Adobe Shockwave Player that is prior or equal to 12.3.4.204. It is, therefore, affected by multiple memory corruption vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code. Note: Adobe Shockwave Player has reached EOL. Therefore, the solution is to uninstall Adobe Shockwave Player if you do not have an existing Enterprise license for Adobe Shockwave Player. last seen 2020-06-01 modified 2020-06-02 plugin id 124028 published 2019-04-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124028 title Adobe Shockwave Player <= 12.3.4.204 Multiple memory corruption vulnerabilities (APSB19-20) (Windows) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124028); script_version("1.3"); script_cvs_date("Date: 2019/10/30 13:24:47"); script_cve_id( "CVE-2019-7098", "CVE-2019-7099", "CVE-2019-7100", "CVE-2019-7101", "CVE-2019-7102", "CVE-2019-7103", "CVE-2019-7104" ); script_xref(name:"IAVA", value:"2019-A-0103"); script_name(english:"Adobe Shockwave Player <= 12.3.4.204 Multiple memory corruption vulnerabilities (APSB19-20) (Windows)"); script_summary(english:"Checks the version of Shockwave Player."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a web browser plugin that is affected by multiple remote code execution vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Windows host contains a version of Adobe Shockwave Player that is prior or equal to 12.3.4.204. It is, therefore, affected by multiple memory corruption vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code. Note: Adobe Shockwave Player has reached EOL. Therefore, the solution is to uninstall Adobe Shockwave Player if you do not have an existing Enterprise license for Adobe Shockwave Player."); # https://helpx.adobe.com/security/products/shockwave/apsb19-20.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b837125a"); # https://helpx.adobe.com/shockwave/shockwave-end-of-life-faq.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b536fdfa"); script_set_attribute(attribute:"solution", value: "Uninstall Adobe Shockwave Player."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7104"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date",value:"2019/04/09"); script_set_attribute(attribute:"patch_publication_date",value:"2019/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/12"); script_set_attribute(attribute:"agent", value:"all"); script_set_attribute(attribute:"plugin_type",value:"local"); script_set_attribute(attribute:"cpe",value:"cpe:/a:adobe:shockwave_player"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("shockwave_player_apsb09_08.nasl"); script_require_keys("SMB/shockwave_player"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); installs = get_kb_list_or_exit("SMB/shockwave_player/*/path"); appname = "Shockwave Player"; latest_vuln_version = "12.3.4.204"; # versions <= this version are vuln fix = "12.3.5.205"; info = NULL; pattern = "SMB/shockwave_player/([^/]+)/([^/]+)/path"; vuln = 0; foreach install (keys(installs)) { match = pregmatch(string:install, pattern:pattern); if (!match) exit(1, "Unexpected format of KB key '" + install + "'."); file = installs[install]; variant = match[1]; version = match[2]; if (ver_compare(ver:version, fix:latest_vuln_version) <= 0) { if (variant == "Plugin") info += '\n Variant : Browser Plugin (for Firefox / Netscape / Opera)'; else if (variant == "ActiveX") info += '\n Variant : ActiveX control (for Internet Explorer)'; info += '\n File : ' + file + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; vuln++; } } if (!info) audit(AUDIT_INST_VER_NOT_VULN, appname); port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { if (vuln > 1) s = "s"; else s = ""; report = '\n' + 'Nessus has identified the following vulnerable instance' + s + ' of Shockwave'+ '\n' + 'Player installed on the remote host :' + '\n' + info + '\n'; security_hole(port:port, extra:report); } else security_hole(port);