CVE-2012-4176

critical

Published 2012-10-23 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

Array index error in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@adobe.com — http://www.adobe.com/support/security/bulletins/apsb12-23.html

Application impact

Vendor	Product	Versions
adobe	shockwave_player	`{"endIncluding":"11.6.7.637"}`
adobe	shockwave_player	`1.0`
adobe	shockwave_player	`2.0`
adobe	shockwave_player	`3.0`
adobe	shockwave_player	`4.0`
adobe	shockwave_player	`5.0`
adobe	shockwave_player	`6.0`
adobe	shockwave_player	`8.0`
adobe	shockwave_player	`8.0.196`
adobe	shockwave_player	`8.0.196a`
adobe	shockwave_player	`8.0.204`
adobe	shockwave_player	`8.0.205`
adobe	shockwave_player	`8.5.1`
adobe	shockwave_player	`8.5.1.100`
adobe	shockwave_player	`8.5.1.103`
adobe	shockwave_player	`8.5.1.105`
adobe	shockwave_player	`8.5.1.106`
adobe	shockwave_player	`8.5.321`
adobe	shockwave_player	`8.5.323`
adobe	shockwave_player	`8.5.324`
adobe	shockwave_player	`8.5.325`
adobe	shockwave_player	`9.0.383`
adobe	shockwave_player	`9.0.432`
adobe	shockwave_player	`10.0.0.210`
adobe	shockwave_player	`10.0.1.004`
adobe	shockwave_player	`10.1.0.11`
adobe	shockwave_player	`10.1.0.011`
adobe	shockwave_player	`10.1.1.016`
adobe	shockwave_player	`10.1.4.020`
adobe	shockwave_player	`10.2.0.021`
adobe	shockwave_player	`10.2.0.022`
adobe	shockwave_player	`10.2.0.023`
adobe	shockwave_player	`11.0.0.456`
adobe	shockwave_player	`11.0.3.471`
adobe	shockwave_player	`11.5.0.595`
adobe	shockwave_player	`11.5.0.596`
adobe	shockwave_player	`11.5.1.601`
adobe	shockwave_player	`11.5.2.602`
adobe	shockwave_player	`11.5.6.606`
adobe	shockwave_player	`11.5.7.609`
adobe	shockwave_player	`11.5.8.612`
adobe	shockwave_player	`11.5.9.615`
adobe	shockwave_player	`11.5.9.620`
adobe	shockwave_player	`11.5.10.620`
adobe	shockwave_player	`11.6.0.626`
adobe	shockwave_player	`11.6.1.629`
adobe	shockwave_player	`11.6.3.633`
adobe	shockwave_player	`11.6.4.634`
adobe	shockwave_player	`11.6.5.635`
adobe	shockwave_player	`11.6.6.636`

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.