Adobe Shockwave Player downgrade Installation Vulnerability

Release date:
Updated on:

Affected Systems:
Adobe Shockwave Player <= 11.5.7. 609
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56972
CVE (CAN) ID: CVE-2012-6270

Adobe Shockwave Player is a software used to play web content created using Macromedia and Adobe ctor.

Shockwave Player may automatically install the earlier runtime version. As a result, attackers can exploit the earlier version to launch remote attacks.

When you view Shockwave content in a browser, the Shockwave 11 ActiveX control is downloaded to the <% System %>/Adobe/Shockwave 11 folder. If the download version is not specified as 11 on the HTML page, Shockwave 10.4.0.025 ActiveX is downloaded by default and installed in the <% System %>/Macromed/Shockwave10 folder. The automatic Shockwave update mechanism is only installed on version 11. If you want to play the content of the old version, you can set the compatibility parameter to 10 or blank to download Shockwave 10.4.0.025. This design allows attackers to exploit the Shockwave 10 runtime vulnerability to execute arbitrary code.

<* Source: Will Dormann

Link: http://www.eeye.com/resources/security-center/research/zero-day-tracker/2012/20121217
Http://www.kb.cert.org/vuls/id/546769
*>

Suggestion:
--------------------------------------------------------------------------------
Temporary solution:

* Restrict Access To ctor files;

* Disable the Shockwave Player ActiveX control in IE;

* Use Microsoft Enhanced Mitigation Experience Toolkit

* Enable DEP in Microsoft Windows

* Install Shockwave completely instead of simply

Vendor patch:

Adobe
-----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://www.adobe.com/support/security/