CVE-2012-4176

Name: CVE-2012-4176
Creator: NVD / NIST
Published: 2012-10-23T23:55:01.627+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 7.32%

Last modified Jun 16, 2026

CVE-2012-4176 is a vulnerability of currently unknown severity. Array index error in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors.. EPSS estimates a 7.32% chance of exploitation in the next 30 days.

Description

Array index error in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors.

Metrics

EPSS Probability

7.32%

93.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Adobe	Shockwave Player	<= 11.6.7.637
Adobe	Shockwave Player	1.0
Adobe	Shockwave Player	2.0
Adobe	Shockwave Player	3.0
Adobe	Shockwave Player	4.0
Adobe	Shockwave Player	5.0
Adobe	Shockwave Player	6.0
Adobe	Shockwave Player	8.0
Adobe	Shockwave Player	8.0.196
Adobe	Shockwave Player	8.0.196a
Adobe	Shockwave Player	8.0.204
Adobe	Shockwave Player	8.0.205
Adobe	Shockwave Player	8.5.1
Adobe	Shockwave Player	8.5.1.100
Adobe	Shockwave Player	8.5.1.103
Adobe	Shockwave Player	8.5.1.105
Adobe	Shockwave Player	8.5.1.106
Adobe	Shockwave Player	8.5.321
Adobe	Shockwave Player	8.5.323
Adobe	Shockwave Player	8.5.324
Adobe	Shockwave Player	8.5.325
Adobe	Shockwave Player	9.0.383
Adobe	Shockwave Player	9.0.432
Adobe	Shockwave Player	10.0.0.210
Adobe	Shockwave Player	10.0.1.004
Adobe	Shockwave Player	10.1.0.11
Adobe	Shockwave Player	10.1.0.011
Adobe	Shockwave Player	10.1.1.016
Adobe	Shockwave Player	10.1.4.020
Adobe	Shockwave Player	10.2.0.021
Adobe	Shockwave Player	10.2.0.022
Adobe	Shockwave Player	10.2.0.023
Adobe	Shockwave Player	11.0.0.456
Adobe	Shockwave Player	11.0.3.471
Adobe	Shockwave Player	11.5.0.595
Adobe	Shockwave Player	11.5.0.596
Adobe	Shockwave Player	11.5.1.601
Adobe	Shockwave Player	11.5.2.602
Adobe	Shockwave Player	11.5.6.606
Adobe	Shockwave Player	11.5.7.609
Adobe	Shockwave Player	11.5.8.612
Adobe	Shockwave Player	11.5.9.615
Adobe	Shockwave Player	11.5.9.620
Adobe	Shockwave Player	11.5.10.620
Adobe	Shockwave Player	11.6.0.626
Adobe	Shockwave Player	11.6.1.629
Adobe	Shockwave Player	11.6.3.633
Adobe	Shockwave Player	11.6.4.634
Adobe	Shockwave Player	11.6.5.635
Adobe	Shockwave Player	11.6.6.636

References

http://osvdb.org/86542
http://www.adobe.com/support/security/bulletins/apsb12-23.htmlPatch, Vendor Advisory
http://www.kb.cert.org/vuls/id/872545US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/79548
http://osvdb.org/86542
http://www.adobe.com/support/security/bulletins/apsb12-23.htmlPatch, Vendor Advisory
http://www.kb.cert.org/vuls/id/872545US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/79548

Timeline

Published: Oct 23, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-4176?

Array index error in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors.

How severe is CVE-2012-4176?

Severity scoring for CVE-2012-4176 is pending analysis. The EPSS model estimates a 7.32% probability of exploitation in the next 30 days.

How do I fix CVE-2012-4176?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-4176?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST