CVE-2017-11294

9.8 CRITICAL

📋 TL;DR

This is a critical memory corruption vulnerability in Adobe Shockwave that allows attackers to execute arbitrary code on affected systems. Anyone using Shockwave 12.2.9.199 or earlier versions is vulnerable to remote code execution attacks.

💻 Affected Systems

Products:
  • Adobe Shockwave Player
Versions: 12.2.9.199 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. Shockwave is often installed as a browser plugin.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the victim's computer, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Remote code execution leading to malware installation, credential theft, or system compromise when users visit malicious websites or open crafted Shockwave content.

🟢 If Mitigated

Limited impact with proper patching and security controls, potentially only affecting isolated systems with restricted privileges.

🌐 Internet-Facing: HIGH - Shockwave content is commonly delivered via web browsers, making internet-facing systems highly vulnerable to drive-by attacks.
🏢 Internal Only: MEDIUM - Internal systems could be compromised through phishing emails or malicious internal web content.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Memory corruption vulnerabilities in widely deployed media players are frequently weaponized in exploit kits and phishing campaigns.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 12.3.0.195 or later

Vendor Advisory: https://helpx.adobe.com/security/products/shockwave/apsb17-40.html

Restart Required: Yes

Instructions:

1. Open Adobe Shockwave Player.
2. Go to Help > Check for Updates.
3. Follow prompts to install version 12.3.0.195 or later.
4. Restart browser/system.

Alternatively, download from Adobe's website.

🔧 Temporary Workarounds

Disable Shockwave in browsers

all

Prevent Shockwave content from executing in web browsers

Browser-specific: Disable Shockwave plugin/add-on in browser settings

Uninstall Shockwave Player

all

Remove vulnerable software entirely

Windows: Control Panel > Programs > Uninstall Adobe Shockwave Player
macOS: Drag Adobe Shockwave Player to Trash

🧯 If You Can't Patch

  • Implement application whitelisting to block Shockwave execution
  • Use network segmentation to isolate systems with Shockwave from critical assets

🔍 How to Verify

Check if Vulnerable:

Open Shockwave Player > Help > About Adobe Shockwave Player. Check if version is 12.2.9.199 or earlier.

Check Version:

Windows: reg query "HKLM\SOFTWARE\Adobe\Shockwave Player" /v Version

Verify Fix Applied:

Verify version is 12.3.0.195 or later in About dialog. Test with known safe Shockwave content.
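
For fleet-wide checks, the version comparison above can be scripted. The following is an added example, not part of the original advisory: it classifies the output of the `reg query` command shown above, collected per host, against the fixed build 12.3.0.195. The hostnames, sample versions and status labels are constructed for illustration.

```python
import re

FIXED = (12, 3, 0, 195)  # first fixed build named on this page
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Shockwave Player"
VALUE_RE = re.compile(r"^\s*Version\s+REG_SZ\s+(\S+)\s*$", re.I | re.M)
DOTTED_RE = re.compile(r"\d{1,9}(?:\.\d{1,9}){0,3}", re.ASCII)


def parse_version(text):
    """Dotted version -> 4-int tuple, or None if it is not purely numeric."""
    if not DOTTED_RE.fullmatch(text):
        return None
    nums = [int(p) for p in text.split(".")]
    return tuple(nums + [0] * (4 - len(nums)))


def classify(reg_output):
    """Map one host's `reg query` output to a triage status."""
    match = VALUE_RE.search(reg_output)
    if match is None:
        return "no-version-value"   # key/value absent, or reg printed an error
    version = parse_version(match.group(1))
    if version is None:
        return "unparseable"        # send to manual review, do not guess
    # Tuple comparison is numeric per field; comparing the strings would
    # rank 12.3.0.95 above 12.3.0.195 and miss a vulnerable host.
    return "vulnerable" if version < FIXED else "patched"


def triage(collected):
    """collected: {hostname: reg query output}. Returns {hostname: status}."""
    return {host: classify(out) for host, out in collected.items()}


def _sample(version):
    # Constructed output in the layout `reg query ... /v Version` prints.
    return f"\n{KEY}\n    Version    REG_SZ    {version}\n\n"


# Constructed hostnames and versions, for illustration only.
SAMPLE = {
    "ws-01": _sample("12.2.9.199"),
    "ws-02": _sample("12.3.0.95"),
    "ws-03": _sample("12.3.0.195"),
    "ws-04": _sample("12.10.0.1"),
    "ws-05": "ERROR: The system was unable to find the specified registry key or value.\n",
    "ws-06": _sample("12.3.x"),
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A `no-version-value` result does not prove the player is absent: on 64-bit Windows, repeat the query against the 32-bit registry view (`/reg:32`) before closing the host out.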

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Shockwave process crashes
  • Memory access violations in application logs
  • Browser plugin crashes with Shockwave content

Network Indicators:

  • HTTP requests for .swf files from suspicious domains
  • Unusual outbound connections after Shockwave execution

SIEM Query:

process_name:"Shockwave.exe" AND (event_type:crash OR memory_violation)
