cvelistv5 - cve-2017-2983

CVE-2017-2983 (GCVE-0-2017-2983)

Vulnerability from cvelistv5 – Published: 2017-03-14 16:00 – Updated: 2024-08-05 14:09

Summary

Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege.

Severity ?

No CVSS data available.

CWE

Insecure Library Loading (DLL hijacking)

Assigner

adobe

References

URL

Tags

	https://helpx.adobe.com/security/products/shockwa…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/96863	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1037993	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Adobe Shockwave 12.2.7.197 and earlier.	Affected: Adobe Shockwave 12.2.7.197 and earlier.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:09:18.061Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html"
          },
          {
            "name": "96863",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96863"
          },
          {
            "name": "1037993",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037993"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Adobe Shockwave 12.2.7.197 and earlier.",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Adobe Shockwave 12.2.7.197 and earlier."
            }
          ]
        }
      ],
      "datePublic": "2017-03-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insecure Library Loading (DLL hijacking)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-14T09:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html"
        },
        {
          "name": "96863",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96863"
        },
        {
          "name": "1037993",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037993"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2017-2983",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Adobe Shockwave 12.2.7.197 and earlier.",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Adobe Shockwave 12.2.7.197 and earlier."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insecure Library Loading (DLL hijacking)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html"
            },
            {
              "name": "96863",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96863"
            },
            {
              "name": "1037993",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037993"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2017-2983",
    "datePublished": "2017-03-14T16:00:00",
    "dateReserved": "2016-12-02T00:00:00",
    "dateUpdated": "2024-08-05T14:09:18.061Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"12.2.7.197\", \"matchCriteriaId\": \"3D35B9AD-40AB-4819-9D86-8FC4FCF6E2A1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege.\"}, {\"lang\": \"es\", \"value\": \"Adobe Shockwave versi\\u00f3n 12.2.7.197 y versiones anteriores tienen una vulnerabilidad de carga de librer\\u00eda insegura (secuestro de DLL). Una explotaci\\u00f3n exitosa podr\\u00eda conducir a escalada de privilegios.\"}]",
      "id": "CVE-2017-2983",
      "lastModified": "2024-11-21T03:24:35.103",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-03-14T16:59:00.163",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/96863\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.securitytracker.com/id/1037993\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"https://helpx.adobe.com/security/products/shockwave/apsb17-08.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/96863\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1037993\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://helpx.adobe.com/security/products/shockwave/apsb17-08.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@adobe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-426\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-2983\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2017-03-14T16:59:00.163\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege.\"},{\"lang\":\"es\",\"value\":\"Adobe Shockwave versi\u00f3n 12.2.7.197 y versiones anteriores tienen una vulnerabilidad de carga de librer\u00eda insegura (secuestro de DLL). Una explotaci\u00f3n exitosa podr\u00eda conducir a escalada de privilegios.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-426\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"12.2.7.197\",\"matchCriteriaId\":\"3D35B9AD-40AB-4819-9D86-8FC4FCF6E2A1\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/96863\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.securitytracker.com/id/1037993\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://helpx.adobe.com/security/products/shockwave/apsb17-08.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/96863\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1037993\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://helpx.adobe.com/security/products/shockwave/apsb17-08.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2017-04318

Vulnerability from cnvd - Published: 2017-04-12

Title

Adobe Shockwave Player特权提升漏洞

Description

Adobe Shockwave Player是美国奥多比（Adobe）公司的一款播放使用Macromedia和Adobe Director制作的网页内容的软件。 Adobe Shockwave Player存在特权提升漏洞。攻击者可利用此漏洞获取提升的权限。

Severity

中

Patch Name

Adobe Shockwave Player特权提升漏洞的补丁

Patch Description

Adobe Shockwave Player是美国奥多比（Adobe）公司的一款播放使用Macromedia和Adobe Director制作的网页内容的软件。 Adobe Shockwave Player存在特权提升漏洞。攻击者可利用此漏洞获取提升的权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://helpx.adobe.com/security/products/shockwave/apsb17-08.html

Reference

https://helpx.adobe.com/security/products/shockwave/apsb17-08.html https://nvd.nist.gov/vuln/detail/CVE-2017-2983 http://www.securityfocus.com/bid/96863

Impacted products

Name
Adobe Shockwave Player <=12.2.7.197

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "96863",
      "bidUrl": "http://www.securityfocus.com/bid/96863"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2983"
    }
  },
  "description": "Adobe Shockwave Player\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u64ad\u653e\u4f7f\u7528Macromedia\u548cAdobe Director\u5236\u4f5c\u7684\u7f51\u9875\u5185\u5bb9\u7684\u8f6f\u4ef6\u3002\r\n\r\nAdobe Shockwave Player\u5b58\u5728\u7279\u6743\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002",
  "discovererName": "Nitesh Shilpkar",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://helpx.adobe.com/security/products/shockwave/apsb17-08.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-04318",
  "openTime": "2017-04-12",
  "patchDescription": "Adobe Shockwave Player\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u64ad\u653e\u4f7f\u7528Macromedia\u548cAdobe Director\u5236\u4f5c\u7684\u7f51\u9875\u5185\u5bb9\u7684\u8f6f\u4ef6\u3002\r\n\r\nAdobe Shockwave Player\u5b58\u5728\u7279\u6743\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Shockwave Player\u7279\u6743\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Adobe Shockwave Player \u003c=12.2.7.197"
  },
  "referenceLink": "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2983\r\nhttp://www.securityfocus.com/bid/96863",
  "serverity": "\u4e2d",
  "submitTime": "2017-03-15",
  "title": "Adobe Shockwave Player\u7279\u6743\u63d0\u5347\u6f0f\u6d1e"
}

GHSA-24FV-MMR6-7GC5

Vulnerability from github – Published: 2022-05-17 02:28 – Updated: 2022-05-17 02:28

Details

Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege.

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2983"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-14T16:59:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege.",
  "id": "GHSA-24fv-mmr6-7gc5",
  "modified": "2022-05-17T02:28:34Z",
  "published": "2022-05-17T02:28:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2983"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96863"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037993"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-2983

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege.

Aliases

CVE-2017-2983

Aliases

CVE-2017-2983

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2983",
    "description": "Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege.",
    "id": "GSD-2017-2983"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2983"
      ],
      "details": "Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege.",
      "id": "GSD-2017-2983",
      "modified": "2023-12-13T01:21:05.638039Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2017-2983",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Adobe Shockwave 12.2.7.197 and earlier.",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Adobe Shockwave 12.2.7.197 and earlier."
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Insecure Library Loading (DLL hijacking)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html",
            "refsource": "CONFIRM",
            "url": "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html"
          },
          {
            "name": "96863",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/96863"
          },
          {
            "name": "1037993",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037993"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.2.7.197",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2017-2983"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-426"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html"
            },
            {
              "name": "96863",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/96863"
            },
            {
              "name": "1037993",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1037993"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-07-17T13:18Z",
      "publishedDate": "2017-03-14T16:59Z"
    }
  }
}

FKIE_CVE-2017-2983

Vulnerability from fkie_nvd - Published: 2017-03-14 16:59 - Updated: 2025-04-20 01:37

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege.

References

URL	Tags
psirt@adobe.com	http://www.securityfocus.com/bid/96863
psirt@adobe.com	http://www.securitytracker.com/id/1037993
psirt@adobe.com	https://helpx.adobe.com/security/products/shockwave/apsb17-08.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/96863
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037993
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/shockwave/apsb17-08.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	adobe	shockwave_player	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D35B9AD-40AB-4819-9D86-8FC4FCF6E2A1",
              "versionEndIncluding": "12.2.7.197",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege."
    },
    {
      "lang": "es",
      "value": "Adobe Shockwave versi\u00f3n 12.2.7.197 y versiones anteriores tienen una vulnerabilidad de carga de librer\u00eda insegura (secuestro de DLL). Una explotaci\u00f3n exitosa podr\u00eda conducir a escalada de privilegios."
    }
  ],
  "id": "CVE-2017-2983",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-14T16:59:00.163",
  "references": [
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/bid/96863"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securitytracker.com/id/1037993"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/96863"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037993"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2017-AVI-078

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Adobe Shockwave Player. Elle permet à un attaquant de provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Adobe Shockwave Player versions 12.2.7.197 et antérieures sur Windows

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB17-08 du 14 mars 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eAdobe Shockwave Player versions 12.2.7.197 et ant\u00e9rieures sur  Windows\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-2983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2983"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-078",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-03-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eAdobe\nShockwave Player\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Shockwave Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB17-08 du 14 mars 2017",
      "url": "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html"
    }
  ]
}

CERTFR-2017-AVI-078

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Adobe Shockwave Player. Elle permet à un attaquant de provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Adobe Shockwave Player versions 12.2.7.197 et antérieures sur Windows

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB17-08 du 14 mars 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eAdobe Shockwave Player versions 12.2.7.197 et ant\u00e9rieures sur  Windows\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-2983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2983"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-078",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-03-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eAdobe\nShockwave Player\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Shockwave Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB17-08 du 14 mars 2017",
      "url": "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2983 (GCVE-0-2017-2983)

CNVD-2017-04318

GHSA-24FV-MMR6-7GC5

GSD-2017-2983

FKIE_CVE-2017-2983

CERTFR-2017-AVI-078

Solution

CERTFR-2017-AVI-078

Solution

Tags

Sightings

Nomenclature