CVE-2010-2869

EPSS 7.97%
Published 26.08.2010 21:00:01
Last modified 11.04.2025 00:51:21
Source psirt@adobe.com
Teams watchlist Login
Open Login

IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3712 of a certain file.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Shockwave Player Version <= 11.5.7.609

Adobe ≫ Shockwave Player Version1.0

Adobe ≫ Shockwave Player Version2.0

Adobe ≫ Shockwave Player Version3.0

Adobe ≫ Shockwave Player Version4.0

Adobe ≫ Shockwave Player Version5.0

Adobe ≫ Shockwave Player Version6.0

Adobe ≫ Shockwave Player Version8.0

Adobe ≫ Shockwave Player Version8.0.196

Adobe ≫ Shockwave Player Version8.0.196a

Adobe ≫ Shockwave Player Version8.0.204

Adobe ≫ Shockwave Player Version8.0.205

Adobe ≫ Shockwave Player Version8.5.1

Adobe ≫ Shockwave Player Version8.5.1.100

Adobe ≫ Shockwave Player Version8.5.1.103

Adobe ≫ Shockwave Player Version8.5.1.105

Adobe ≫ Shockwave Player Version8.5.1.106

Adobe ≫ Shockwave Player Version8.5.321

Adobe ≫ Shockwave Player Version8.5.323

Adobe ≫ Shockwave Player Version8.5.324

Adobe ≫ Shockwave Player Version8.5.325

Adobe ≫ Shockwave Player Version9

Adobe ≫ Shockwave Player Version9.0.383

Adobe ≫ Shockwave Player Version9.0.432

Adobe ≫ Shockwave Player Version10.0.0.210

Adobe ≫ Shockwave Player Version10.0.1.004

Adobe ≫ Shockwave Player Version10.1.0.11

Adobe ≫ Shockwave Player Version10.1.0.011

Adobe ≫ Shockwave Player Version10.1.1.016

Adobe ≫ Shockwave Player Version10.1.4.020

Adobe ≫ Shockwave Player Version10.2.0.021

Adobe ≫ Shockwave Player Version10.2.0.022

Adobe ≫ Shockwave Player Version10.2.0.023

Adobe ≫ Shockwave Player Version11.0.0.456

Adobe ≫ Shockwave Player Version11.0.3.471

Adobe ≫ Shockwave Player Version11.5.0.595

Adobe ≫ Shockwave Player Version11.5.0.596

Adobe ≫ Shockwave Player Version11.5.1.601

Adobe ≫ Shockwave Player Version11.5.2.602

Adobe ≫ Shockwave Player Version11.5.6.606

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	7.97%	0.912

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.adobe.com/support/security/bulletins/apsb10-20.html

Patch

Vendor Advisory

http://www.securitytracker.com/id?1024361

http://www.vupen.com/english/advisories/2010/2176

http://www.securityfocus.com/archive/1/513329/100/0/threaded

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11983

https://nvd.nist.gov/vuln/detail/CVE-2010-2869

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2869

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2869

EUVD