Published: 13/05/2010 Updated: 16/09/2022

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Adobe Shockwave Player prior to 11.5.7.609 allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe shockwave_player

/* Title: Adobe Shockwave Player 1156606 (DIR) Multiple Memory Vulnerabilities Vendor: Adobe Systems Incorporated Product web page: wwwadobecom Summary: Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player These people now have access to some of the best the Web has to offer - including dazzlin ...

Shockwave Player versions 1156606 and below from Adobe suffer from memory consumption / corruption and buffer overflow vulnerabilities that can aid the attacker in causing a denial of service scenario and arbitrary code execution The vulnerable software fails to sanitize user input when processing dir files resulting in a crash and overwrite o ...

CWE-787 http://www.vupen.com/english/advisories/2010/1128 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html http://www.zeroscience.mk/codes/shockwave_mem.txt http://secunia.com/advisories/38751 http://www.adobe.com/support/security/bulletins/apsb10-12.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7184 http://www.securityfocus.com/archive/1/511257/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/12578/

CVE-2010-1280

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect