9.3
CVE-2010-0129
- EPSS 6.3%
- Veröffentlicht 13.05.2010 17:30:01
- Zuletzt bearbeitet 16.06.2026 23:15:32
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.3% | 0.927 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
http://secunia.com/advisories/38751
http://www.adobe.com/support/security/bulletins/apsb10-12.html
http://www.vupen.com/english/advisories/2010/1128
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html
http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869
http://secunia.com/secunia_research/2010-20/
http://www.securityfocus.com/archive/1/511256/100/0/threaded
http://www.securityfocus.com/archive/1/511262/100/0/threaded
http://www.securityfocus.com/bid/40082
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7134