CVE-2019-7104 – Adobe Shockwave Player versions 12.3.4.204 and ... (How to Fix)

Q: What is the severity of CVE-2019-7104?

CVE-2019-7104 has a CVSS score of 9.8 (CRITICAL). Adobe Shockwave Player versions 12.3.4.204 and earlier contain a memory corruption vulnerability that allows attackers to execute arbitrary code on affected systems. This affects users who have Shockwave Player installed and visit malicious websites or open malicious Shockwave content. The vulnerability is particularly dangerous because it can be exploited without user interaction beyond normal browsing.

📋 TL;DR

Adobe Shockwave Player versions 12.3.4.204 and earlier contain a memory corruption vulnerability that allows attackers to execute arbitrary code on affected systems. This affects users who have Shockwave Player installed and visit malicious websites or open malicious Shockwave content. The vulnerability is particularly dangerous because it can be exploited without user interaction beyond normal browsing.

💻 Affected Systems

Products:

Adobe Shockwave Player

Versions: 12.3.4.204 and earlier

Operating Systems: Windows, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default installations of affected versions are vulnerable. Shockwave Player is typically installed as a browser plugin.

📦 What is this software?

Shockwave Player by Adobe

View all CVEs affecting Shockwave Player →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control over the victim's computer, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Drive-by download attacks where visiting a compromised website leads to malware installation, credential theft, or system compromise.

🟢

If Mitigated

No impact if Shockwave Player is not installed or properly patched, or if systems are isolated from internet browsing.

🌐 Internet-Facing: HIGH - Shockwave content is typically delivered via web browsers, making internet-facing systems highly vulnerable to drive-by attacks.

🏢 Internal Only: MEDIUM - Internal systems could be compromised through malicious internal websites or email attachments, but attack surface is smaller.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Memory corruption vulnerabilities in browser plugins are frequently weaponized in exploit kits. The high CVSS score and public advisory make this an attractive target.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 12.3.5.205 or later

Vendor Advisory: https://helpx.adobe.com/security/products/shockwave/apsb19-20.html

Restart Required: Yes

Instructions:

1. Open Adobe Shockwave Player. 2. Go to Help > Check for Updates. 3. Follow prompts to install version 12.3.5.205 or later. 4. Restart your browser and computer. Alternatively, download the latest version from Adobe's website.

🔧 Temporary Workarounds

Disable Shockwave Player in browsers

all

Prevent Shockwave content from executing in web browsers

For Chrome: chrome://settings/content/flash
For Firefox: about:addons > Plugins > Shockwave Flash > Never Activate
For Edge: edge://settings/content/flash

Uninstall Shockwave Player

all

Completely remove the vulnerable software

Windows: Control Panel > Programs > Uninstall a program > Adobe Shockwave Player
macOS: Drag Adobe Shockwave Player to Trash from Applications folder

🧯 If You Can't Patch

Implement application whitelisting to prevent Shockwave Player execution
Use network segmentation to isolate systems with Shockwave Player from internet access

🔍 How to Verify

Check if Vulnerable:

Open Shockwave Player > Help > About Adobe Shockwave Player. If version is 12.3.4.204 or earlier, system is vulnerable.

Check Version:

On Windows: reg query "HKLM\SOFTWARE\Adobe\Shockwave Player" /v Version

Verify Fix Applied:

Check that Shockwave Player version is 12.3.5.205 or later in Help > About Adobe Shockwave Player.

📡 Detection & Monitoring

Log Indicators:

Browser crash logs mentioning Shockwave or swflash.dll
Windows Event Logs with Application Error for Shockwave Player

Network Indicators:

HTTP requests for .swf files followed by unusual outbound connections
Traffic patterns matching known exploit kits

SIEM Query:

source="*browser*" AND ("Shockwave" OR "swflash" OR ".swf") AND ("crash" OR "error" OR "exception")

📊 Metadata

CVE ID: CVE-2019-7104

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: May 23, 2019

Last Updated: November 21, 2024

🔗 References

https://helpx.adobe.com/security/products/shockwave/apsb19-20.html Patch,Vendor Advisory
https://helpx.adobe.com/security/products/shockwave/apsb19-20.html Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2019-7104, you might also want to check these: