CVE-2019-7100
📋 TL;DR
Adobe Shockwave Player versions 12.3.4.204 and earlier contain a memory corruption vulnerability that allows attackers to execute arbitrary code on affected systems. This affects users who have Shockwave Player installed and visit malicious websites or open malicious Shockwave content. The vulnerability is particularly dangerous because it can be exploited without user interaction beyond visiting a compromised webpage.
💻 Affected Systems
- Adobe Shockwave Player
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining complete control over the victim's computer, enabling data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Remote code execution leading to malware installation, credential theft, or system compromise when users visit malicious websites containing Shockwave content.
If Mitigated
Limited impact if systems are fully patched, have application whitelisting, or Shockwave Player is disabled/uninstalled.
🎯 Exploit Status
The vulnerability can be exploited through malicious Shockwave files (.swf) embedded in web pages. No authentication or user interaction beyond visiting a webpage is required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 12.3.5.205
Vendor Advisory: https://helpx.adobe.com/security/products/shockwave/apsb19-20.html
Restart Required: Yes
Instructions:
1. Open Adobe Shockwave Player
2. Go to Help > Check for Updates
3. Follow prompts to install version 12.3.5.205 or later
4. Restart your browser and computer
🔧 Temporary Workarounds
Disable Shockwave Player in browsers
allPrevent Shockwave content from executing in web browsers
For Chrome: chrome://settings/content/flash
For Firefox: about:addons > Plugins > Shockwave Flash > Never Activate
For Edge: edge://settings/content/flash
Uninstall Shockwave Player
allCompletely remove Shockwave Player from the system
Windows: Control Panel > Programs > Uninstall a program > Adobe Shockwave Player
macOS: Drag Adobe Shockwave Player from Applications folder to Trash
🧯 If You Can't Patch
- Disable or uninstall Shockwave Player completely
- Implement application whitelisting to block Shockwave Player execution
- Use network filtering to block Shockwave content (.swf files) at the perimeter
🔍 How to Verify
Check if Vulnerable:
Check Shockwave Player version: Open Shockwave Player > Help > About Adobe Shockwave Player. If version is 12.3.4.204 or earlier, system is vulnerable.Check Version:
Windows: reg query "HKLM\SOFTWARE\Adobe\Shockwave Player" /v Version | macOS: defaults read /Library/Internet\ Plug-Ins/Shockwave\ Player.plugin/Contents/Info.plist CFBundleVersionVerify Fix Applied:
Verify version is 12.3.5.205 or later in About Adobe Shockwave Player dialog.📡 Detection & Monitoring
Log Indicators:
- Shockwave Player crash logs
- Browser crash reports involving Shockwave content
- Unexpected Shockwave Player process execution
Network Indicators:
- HTTP requests for .swf files from suspicious domains
- Unusual outbound connections following Shockwave content loading
SIEM Query:
source="*shockwave*" OR process="Shockwave*" AND (event_type="crash" OR event_type="execution")