Arbitrary Signed Xtras Installation Vulnerability in Adobe Shockwave Player

CVE-2012-6271 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an outdated Xtra.

Learn more about our Web Application Penetration Testing UK.