All the vulnerabilities related to adobe - director
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:director:*:*:*:*:*:*:*:*", "matchCriteriaId": "58C4FCAB-2330-4C95-A969-D2AEBDFA7186", "versionEndExcluding": "11.5.7.609", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "568143B8-4800-4BCE-86DD-B9E410509C48", "versionEndIncluding": "11.5.6.606", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C56F007-5F8E-4BDD-A803-C907BCC0AF55", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation." }, { "lang": "es", "value": "Error de presencia de signo entero en dirapi.dll en Adobe Shockwave Player en versiones anteriores a la 11.5.7.609 y Adobe Director en versiones anteriores a la 11.5.7.609 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero .dir (tambi\u00e9n conocido como Director) manipulado que dispara una operaci\u00f3n de lectura inv\u00e1lida." 
} ], "evaluatorSolution": "Per: http://www.adobe.com/support/security/bulletins/apsb10-12.html\r\n\r\n\u0027Adobe recommends users of Adobe Shockwave Player 11.5.6.606 and earlier versions update to Adobe Shockwave Player 11.5.7.609\u0027", "id": "CVE-2010-0128", "lastModified": "2024-11-21T01:11:35.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-05-13T17:30:01.780", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/38751" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2010-19/" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Broken Link" ], "url": "http://www.coresecurity.com/content/adobe-director-invalid-read" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Broken Link", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/511240/100/0/threaded" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Broken Link", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/511261/100/0/threaded" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": 
"http://www.vupen.com/english/advisories/2010/1128" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7273" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/38751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2010-19/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.coresecurity.com/content/adobe-director-invalid-read" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/511240/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/511261/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7273" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
adobe | captivate | * | |
adobe | contribute | 2 | |
adobe | contribute | 3 | |
adobe | director | * | |
adobe | dreamweaver | 9.0 | |
adobe | elicensing | * | |
adobe | fireworks | 9.0 | |
adobe | flash_player | * | |
adobe | flash_player | * | |
adobe | freehand | mx | |
adobe | studio | mx |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:captivate:*:*:*:*:*:*:*:*", "matchCriteriaId": "62F9591A-A127-4302-97CE-722E492A8602", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:contribute:2:*:*:*:*:*:*:*", "matchCriteriaId": "8CDB544B-76EC-49C0-94B1-E0035207A68D", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:contribute:3:*:*:*:*:*:*:*", "matchCriteriaId": "F52C901F-914B-47A1-A160-CADF9DC899A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:director:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F6AC4F1-DE3D-4873-90BE-2AE1E3E60F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:dreamweaver:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C183915-BF83-4446-90DF-3A2CE49BCE0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:elicensing:*:*:*:*:*:*:*:*", "matchCriteriaId": "9602D186-D707-484E-B31D-8C15D85EDC70", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:fireworks:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D06FAD9-2CC0-4AAC-A2B5-6D118D00D7A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "F901FB44-DC26-4284-B160-EE4A4F8F9DF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:pro:*:*:*:*:*", "matchCriteriaId": "C01FF7CE-BAD6-4539-A457-DABE0F21895A", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:freehand:mx:*:*:*:*:*:*:*", "matchCriteriaId": "B2BD6F32-57BE-4EB4-A2B8-043A8B28369C", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:studio:mx:*:*:*:*:*:*:*", "matchCriteriaId": "3832577A-42EB-4C8F-878C-BFAF8479BAB4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local 
System." } ], "id": "CVE-2005-4708", "lastModified": "2024-11-21T00:04:59.093", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/15654" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014158" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014159" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014160" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014161" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014162" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014163" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014164" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014165" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014166" }, { "source": "cve@mitre.org", "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/953860" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/17248" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/423587/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/13925" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/0723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/15654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014163" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014165" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014166" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/953860" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/17248" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/13925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/0723" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2010-0128
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://secunia.com/advisories/38751 | third-party-advisory, x_refsource_SECUNIA | |
http://www.coresecurity.com/content/adobe-director-invalid-read | x_refsource_MISC | |
http://www.securityfocus.com/archive/1/511261/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.adobe.com/support/security/bulletins/apsb10-12.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/511240/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.vupen.com/english/advisories/2010/1128 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/secunia_research/2010-19/ | x_refsource_MISC | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7273 | vdb-entry, signature, x_refsource_OVAL |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:37:53.902Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "38751", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38751" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/content/adobe-director-invalid-read" }, { "name": "20100512 Secunia Research: Adobe Shockwave Player Signedness Error Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/511261/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html" }, { "name": "20100511 [CORE-2010-0405] Adobe Director Invalid Read", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/511240/100/0/threaded" }, { "name": "ADV-2010-1128", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1128" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2010-19/" }, { "name": "oval:org.mitre.oval:def:7273", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7273" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-05-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir 
file that triggers an invalid read operation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "name": "38751", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38751" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/content/adobe-director-invalid-read" }, { "name": "20100512 Secunia Research: Adobe Shockwave Player Signedness Error Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/511261/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html" }, { "name": "20100511 [CORE-2010-0405] Adobe Director Invalid Read", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/511240/100/0/threaded" }, { "name": "ADV-2010-1128", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1128" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2010-19/" }, { "name": "oval:org.mitre.oval:def:7273", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7273" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2010-0128", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer signedness error in dirapi.dll in 
Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "38751", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38751" }, { "name": "http://www.coresecurity.com/content/adobe-director-invalid-read", "refsource": "MISC", "url": "http://www.coresecurity.com/content/adobe-director-invalid-read" }, { "name": "20100512 Secunia Research: Adobe Shockwave Player Signedness Error Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/511261/100/0/threaded" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html" }, { "name": "20100511 [CORE-2010-0405] Adobe Director Invalid Read", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/511240/100/0/threaded" }, { "name": "ADV-2010-1128", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1128" }, { "name": "http://secunia.com/secunia_research/2010-19/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2010-19/" }, { "name": "oval:org.mitre.oval:def:7273", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7273" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2010-0128", "datePublished": "2010-05-13T17:00:00", "dateReserved": "2010-01-04T00:00:00", "dateUpdated": "2024-08-07T00:37:53.902Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-4708
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:53:28.983Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1014162", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014162" }, { "name": "1014161", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014161" }, { "name": "1014165", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014165" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html" }, { "name": "20060131 Windows Access Control Demystified", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded" }, { "name": "VU#953860", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/953860" }, { "name": "1014166", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014166" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf" }, { "name": "1014159", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014159" }, { "name": "17248", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/17248" }, { "name": "1014163", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014163" }, { "name": "1014164", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014164" }, { "name": "ADV-2005-0723", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": 
"http://www.vupen.com/english/advisories/2005/0723" }, { "name": "15654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15654" }, { "name": "1014158", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014158" }, { "name": "1014160", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014160" }, { "name": "13925", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13925" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1014162", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014162" }, { "name": "1014161", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014161" }, { "name": "1014165", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014165" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html" }, { "name": "20060131 Windows Access Control Demystified", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded" }, { "name": "VU#953860", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/953860" }, { "name": "1014166", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014166" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf" }, { "name": "1014159", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014159" }, { "name": "17248", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/17248" }, { "name": "1014163", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014163" }, { "name": "1014164", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014164" }, { "name": "ADV-2005-0723", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/0723" }, { "name": "15654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15654" }, { 
"name": "1014158", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014158" }, { "name": "1014160", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014160" }, { "name": "13925", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13925" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4708", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1014162", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014162" }, { "name": "1014161", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014161" }, { "name": "1014165", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014165" }, { "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html", "refsource": "CONFIRM", "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html" }, { "name": "20060131 Windows Access Control Demystified", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded" }, { "name": "VU#953860", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/953860" }, { "name": "1014166", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014166" }, { "name": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf", "refsource": "MISC", "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf" }, { "name": "1014159", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014159" }, { "name": "17248", "refsource": "OSVDB", "url": "http://www.osvdb.org/17248" }, { "name": "1014163", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014163" }, { "name": "1014164", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014164" }, { "name": "ADV-2005-0723", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/0723" }, { "name": "15654", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15654" }, { "name": "1014158", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014158" }, { "name": "1014160", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014160" }, { "name": "13925", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13925" } ] } } } }, 
"cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4708", "datePublished": "2006-02-02T11:00:00", "dateReserved": "2006-02-02T00:00:00", "dateUpdated": "2024-08-07T23:53:28.983Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-201005-0051
Vulnerability from variot
Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation. Adobe Shockwave Player is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Adobe Shockwave Player 11.5.6.606 and prior are vulnerable.
NOTE: This issue was previously discussed in BID 40066 (Adobe Shockwave Player APSB10-12 Multiple Remote Vulnerabilities) but has been given its own record to better document it. The vulnerable software fails to sanitize user input when processing .dir files, resulting in a crash and the overwrite of a few registers, as the register dumps below show.
-------------------------------------------------------------------------------- (f94.ae4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=20a0a0a0 ebx=207d004c ecx=00000400 edx=41414140 esi=00000000 edi=a80487d8
eip=68008bd6 esp=0012de4c ebp=00000400 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00050206
*** WARNING: Unable to verify checksum for C:\Program Files\Adobe\Adobe Director 11\DIRAPI.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for DIRAPI.dll -
DIRAPI!Ordinal14+0x3b16:
68008bd6 2b4f04 sub ecx,dword ptr [edi+4] ds:0023:a80487dc=????????
-----------------------
EAX FFFFFFFF
ECX 41414141
EDX FFFFFFFF
EBX 00000018
ESP 0012F3B4
EBP 02793578
ESI 0012F3C4
EDI 02793578
EIP 69009F1F IML32.69009F1F
--------------------------------------------------------------------------------
Tested on: Microsoft Windows XP Professional SP3 (English). ----------------------------------------------------------------------
1) A boundary error while processing FFFFFF45h Shockwave 3D blocks can be exploited to corrupt memory.
2) A signedness error in the processing of Director files can be exploited to corrupt memory.
3) An array indexing error when processing Director files can be exploited to corrupt memory.
4) An integer overflow error when processing Director files can be exploited to corrupt memory.
5) An error when processing asset entries contained in Director files can be exploited to corrupt memory.
6) A boundary error when processing embedded fonts can be exploited to cause a heap-based buffer overflow via a specially crafted Director file.
7) An error when processing Director files can be exploited to overwrite 4 bytes of memory.
8) An error in the implementation of ordinal function 1409 in iml32.dll can be exploited to corrupt heap memory via a specially crafted Director file.
9) An error when processing a 4-byte field inside FFFFFF49h Shockwave 3D blocks can be exploited to corrupt heap memory.
10) An unspecified error can be exploited to corrupt memory.
11) A second unspecified error can be exploited to corrupt memory.
12) A third unspecified error can be exploited to corrupt memory.
13) A fourth unspecified error can be exploited to cause a buffer overflow.
14) A fifth unspecified error can be exploited to corrupt memory.
15) A sixth unspecified error can be exploited to corrupt memory.
16) A seventh unspecified error can be exploited to corrupt memory.
17) An error when processing signed values encountered while parsing "pami" RIFF chunks can be exploited to corrupt memory.
The vulnerabilities are reported in versions 11.5.6.606 and prior on Windows and Macintosh.
SOLUTION: Update to version 11.5.7.609.
Credits (numbers refer to the issues listed above): 3) Chaouki Bekrar of Vupen, Code Audit Labs, and an anonymous person working with iDefense. 7) Chaouki Bekrar and Sebastien Renaud of Vupen, Code Audit Labs, Gjoko Krstic of Zero Science Lab, and Chro HD of Fortinet's FortiGuard Labs. 8, 17) an anonymous person working with ZDI. 9) Chaouki Bekrar of Vupen and an anonymous person working with ZDI. 10) Chaouki Bekrar of Vupen. 11-16) Chro HD of Fortinet's FortiGuard Labs.
CHANGELOG: 2010-05-12: Updated "Extended Description" and added PoCs for vulnerabilities #2, #3, #4, and #6.
ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb10-12.html
Secunia Research: http://secunia.com/secunia_research/2010-17/ http://secunia.com/secunia_research/2010-19/ http://secunia.com/secunia_research/2010-20/ http://secunia.com/secunia_research/2010-22/ http://secunia.com/secunia_research/2010-34/ http://secunia.com/secunia_research/2010-50/
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-087/ http://www.zerodayinitiative.com/advisories/ZDI-10-088/ http://www.zerodayinitiative.com/advisories/ZDI-10-089/
iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869
Code Audit Labs: http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html
Zero Science Lab: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php
Core Security Technologies: http://www.coresecurity.com/content/adobe-director-invalid-read
About: This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
====================================================================== 2) Severity
Rating: Highly critical Impact: System access Where: From remote
====================================================================== 3) Vendor's Description of Software
"Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. ".dir") is opened.
====================================================================== 6) Time Table
03/03/2010 - Vendor notified. 12/05/2010 - Public disclosure.
====================================================================== 8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2010-0128 for the vulnerability.
====================================================================== 9) About Secunia
Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
====================================================================== 10) Verification
Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2010-19/
Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/
======================================================================
Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
Adobe Director DIRAPI.DLL Invalid Read Vulnerability
- Advisory Information
Title: Adobe Director DIRAPI.DLL Invalid Read Vulnerability Advisory Id: CORE-2010-0405 Advisory URL: [http://www.coresecurity.com/content/adobe-director-invalid-read] Date published: 2010-05-11 Date of last update: 2010-05-11 Vendors contacted: Adobe Release mode: Coordinated release
- Vulnerability Information
Class: Input validation error [CWE-20] Impact: Denial of service Remotely Exploitable: Yes (client-side) Locally Exploitable: No CVE Name: CVE-2010-0128 Bugtraq ID: N/A
- Vulnerability Description
Adobe Director is prone to a vulnerability due to an invalid read in 'DIRAPI.DLL', when opening a malformed .dir file.
- Vulnerable packages
. Adobe Director 11.5 . Adobe Director 11 (Version: 11.0.0.426)
- Non-vulnerable packages
. Adobe Director 11.5 (Version: 11.5.7.609)
- Solutions and Workarounds
See the Adobe Security Bulletin [1] available at [http://www.adobe.com/go/apsb10-12/].
- Credits
This vulnerability was discovered and researched by Nahuel Riva, from Core Security Technologies. Publication was coordinated by Jorge Lucangeli Obes.
- Technical Description
The vulnerability occurs at offset '0x68174813' of the 'dirapi.dll' module of Adobe Director. Improper validation of input data leads to a crash in the memory read instruction. This vulnerability could result in arbitrary code execution, although it was not verified.
/----- App: Adobe Director 11 Version: 11.0.0.426 Module crash: Dirapi.dll Version: 11.0.0.426
Crash:
68174813 |. 8906 |MOV DWORD PTR DS:[ESI],EAX
68174815 |> 8B4C24 14 |MOV ECX,DWORD PTR SS:[ESP+14]
68174819 |. 51 |PUSH ECX
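6817481A |. E8 3197F5FF |CALL <JMP.&IML32.#1414>
6817481F |. 8946 04 |MOV DWORD PTR DS:[ESI+4],EAX
68174822 |. 83C6 08 |ADD ESI,8
68174825 |. 4D |DEC EBP
68174826 |.^ 75 C8 \JNZ SHORT DIRAPI.681747F0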
EAX=00000000 DS:[02889B20]=???
Registers: EAX 00000000 ECX 00000068 EDX 00000001 EBX FFE4B4D4 ESP 0012DFB8 EBP 0000373D ESI 02889B20 EDI 01BC9964 EIP 68174813 DIRAPI.68174813 C 0 ES 0023 32bit 0(FFFFFFFF) P 1 CS 001B 32bit 0(FFFFFFFF) A 0 SS 0023 32bit 0(FFFFFFFF) Z 1 DS 0023 32bit 0(FFFFFFFF) S 0 FS 003B 32bit 7FFDD000(FFF) T 0 GS 0000 NULL D 0 O 0 LastErr ERROR_NEGATIVE_SEEK (00000083) EFL 00250246 (NO,NB,E,BE,NS,PE,GE,LE) ST0 empty -??? FFFF 00000000 00000000 ST1 empty -??? FFFF 00000000 00000000 ST2 empty -??? FFFF 00000000 00000000 ST3 empty -??? FFFF 00000000 00000000 ST4 empty 0.0000106994366433355 ST5 empty 0.6322773098945617676 ST6 empty -0.0034003453329205513 ST7 empty 1041416.9375000000000 3 2 1 0 E S P U O Z D I FST 4220 Cond 1 0 1 0 Err 0 0 1 0 0 0 0 0 (EQ) FCW 007F Prec NEAR,24 Mask 1 1 1 1 1 1
Stack Trace:
Call stack of main thread
Address Stack Procedure / arguments Called from
Frame
0012DFC4 68175563 DIRAPI.681747A0 DIRAPI.6817555E
0012DFE4 6817003B DIRAPI.68175290 DIRAPI.68170036
0012E018 6817020D DIRAPI.6816FF40 DIRAPI.68170208
0012E01C 00A923C8 Arg1 = 00A923C8
0012E020 00000011 Arg2 = 00000011
0012E024 00000003 Arg3 = 00000003
0012E028 0012E050 Arg4 = 0012E050
0012E02C 00001100 Arg5 = 00001100
0012E048 680F6D50 DIRAPI.681701A0 DIRAPI.680F6D4B
0012E04C 00000000 Arg1 = 00000000
0012E050 00000003 Arg2 = 00000003
0012E054 00000091 Arg3 = 00000091
0012E058 0012E07C Arg4 = 0012E07C
0012E05C 00001100 Arg5 = 00001100
0012E068 6800CFC0 DIRAPI.680F6D30 DIRAPI.6800CFBB
0012E088 680817EC DIRAPI.6800CF80 DIRAPI.680817E7
0012E0B4 680823E3 DIRAPI.68081760 DIRAPI.680823DE
0012E0C8 680836A7 DIRAPI.68082380 DIRAPI.680836A2
0012E638 680839E2 DIRAPI.68082EA0 DIRAPI.680839DD
0012E634
0012E63C 00A86E8C Arg1 = 00A86E8C
0012E640 0012F5EC Arg2 = 0012F5EC
0012E644 00000000 Arg3 = 00000000
0012E648 00000000 Arg4 = 00000000
0012E64C 0000001A Arg5 = 0000001A
0012E674 68042D8C DIRAPI.68083970 DIRAPI.68042D87
0012F5EC
0012E678 00A86E8C Arg1 = 00A86E8C
0012E67C 0012F5EC Arg2 = 0012F5EC
0012E680 00000000 Arg3 = 00000000
0012E684 00000000 Arg4 = 00000000
0012E688 0000001A Arg5 = 0000001A
0012E6B0 6800A111 DIRAPI.68042C90 DIRAPI.#88+7C
0012E6B4 00A92588 Arg1 = 00A92588
0012E6B8 0012F5EC Arg2 = 0012F5EC
0012E6BC 00000000 Arg3 = 00000000
0012E6C0 0000001A Arg4 = 0000001A
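0012E6DC 2018BB23 <JMP.&DIRAPI.#88> Director.2018BB1E
0012E83C 2027E776 ? Director.2018BAB0 Director.2027E771
- -----/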
- Report Timeline
. 2010-04-14: Vendor contacted. 2010-04-14: Vendor requests PoC file. 2010-04-14: Core replies with the PoC file and the draft advisory. 2010-04-14: Adobe replies that it will investigate the issue and sets a preliminary release date for June/July. 2010-04-15: Core agrees with the preliminary release date. 2010-04-28: Core requests an update on the situation, and asks whether Adobe was able to confirm if the bug is exploitable. 2010-04-28: Core requests a specific publication date for the fix. 2010-05-06: Adobe informs Core that the release date for the fix has been set to May 11th. 2010-05-07: Core asks Adobe if they want to provide the text for the "Solutions and Workarounds" section of the advisory. 2010-05-07: Adobe replies with the text for the "Solutions and Workarounds" section of the advisory. 2010-05-11: Advisory published.
- References
[1] Adobe Security Bulletin [http://www.adobe.com/go/apsb10-12/].
- About CoreLabs
CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: [http://www.coresecurity.com/corelabs].
- About Core Security Technologies
Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core Security Technologies augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at [http://www.coresecurity.com].
- Disclaimer
The contents of this advisory are copyright (c) 2010 Core Security Technologies and (c) 2010 CoreLabs, and may be distributed freely provided that no fee is charged for this distribution and proper credit is given.
- PGP/GPG Keys
This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at [http://www.coresecurity.com/files/attachments/core_security_advisories.asc].
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkvptp4ACgkQyNibggitWa2lwACgo9oRhMUsmUe+IH3jdK9d7B+m ebMAn1iAO1mYBqXGrm67F2oCxTd+OEe3 =s6Ek -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201005-0051", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "director", "scope": "lt", "trust": 1.8, "vendor": "adobe", "version": "11.5.7.609" }, { "model": "shockwave player", "scope": "lte", "trust": 1.8, "vendor": "adobe", "version": "11.5.6.606" }, { "model": "shockwave player", "scope": "eq", "trust": 0.6, 
"vendor": "adobe", "version": "6.0" }, { "model": "shockwave player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "2.0" }, { "model": "shockwave player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "8.5.1" }, { "model": "shockwave player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "8.0" }, { "model": "shockwave player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "5.0" }, { "model": "shockwave player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "1.0" }, { "model": "shockwave player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "10.1.0.11" }, { "model": "shockwave player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9" }, { "model": "shockwave player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "3.0" }, { "model": "shockwave player", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "4.0" }, { "model": "shockwave player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "11.5.6.606" }, { "model": "shockwave player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "11.5.2.606" }, { "model": "shockwave player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "11.5.2.602" }, { "model": "shockwave player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "11.5.1.601" }, { "model": "shockwave player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "11.5.601" }, { "model": "shockwave player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "11.5.600" }, { "model": "shockwave player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "11.5.596" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "11.5" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "11.0.0.426" }, { "model": "shockwave player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "11.5.7.609" }, { "model": "director", "scope": 
"ne", "trust": 0.3, "vendor": "adobe", "version": "11.5.7.609" }, { "model": "shockwave player", "scope": "eq", "trust": 0.1, "vendor": "adobe incorporated", "version": "11.5.6.606" } ], "sources": [ { "db": "ZSL", "id": "ZSL-2010-4937" }, { "db": "BID", "id": "40076" }, { "db": "JVNDB", "id": "JVNDB-2010-001474" }, { "db": "NVD", "id": "CVE-2010-0128" }, { "db": "CNNVD", "id": "CNNVD-201005-190" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:director:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.5.7.609", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.5.6.606", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-0128" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nahuel Riva", "sources": [ { "db": "BID", "id": "40076" } ], "trust": 0.3 }, "cve": "CVE-2010-0128", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2010-0128", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-42733", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-0128", "trust": 1.8, "value": "HIGH" }, { 
"author": "CNNVD", "id": "CNNVD-201005-190", "trust": 0.6, "value": "CRITICAL" }, { "author": "ZSL", "id": "ZSL-2010-4937", "trust": 0.1, "value": "(4/5)" }, { "author": "VULHUB", "id": "VHN-42733", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZSL", "id": "ZSL-2010-4937" }, { "db": "VULHUB", "id": "VHN-42733" }, { "db": "JVNDB", "id": "JVNDB-2010-001474" }, { "db": "NVD", "id": "CVE-2010-0128" }, { "db": "CNNVD", "id": "CNNVD-201005-190" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation. Adobe Shockwave Player is prone to a remote code-execution vulnerability. \nAttackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. \nAdobe Shockwave Player 11.5.6.606 and prior are vulnerable. \nNOTE: This issue was previously discussed in BID 40066 (Adobe Shockwave Player APSB10-12 Multiple Remote Vulnerabilities) but has been given its own record to better document it. 
The vulnerable software fails to sanitize user input when processing .dir files resulting in a crash and overwrite of a few memory registers.\u003cbr/\u003e\u003cbr/\u003e --------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003e\u003ccode\u003e (f94.ae4): Access violation - code c0000005 (first chance)\u003cbr/\u003e First chance exceptions are reported before any exception handling.\u003cbr/\u003e This exception may be expected and handled.\u003cbr/\u003e eax=20a0a0a0 ebx=207d004c ecx=00000400 edx=41414140 esi=00000000 edi=a80487d8\u003cbr/\u003e eip=68008bd6 esp=0012de4c ebp=00000400 iopl=0 nv up ei pl nz na pe nc\u003cbr/\u003e cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00050206\u003cbr/\u003e *** WARNING: Unable to verify checksum for C:\\Program Files\\Adobe\\Adobe Director 11\\DIRAPI.dll\u003cbr/\u003e *** ERROR: Symbol file could not be found. Defaulted to export symbols for DIRAPI.dll - \u003cbr/\u003e DIRAPI!Ordinal14+0x3b16:\u003cbr/\u003e 68008bd6 2b4f04 sub ecx,dword ptr [edi+4] ds:0023:a80487dc=????????\u003cbr/\u003e\u003cbr/\u003e-----------------------\u003cbr/\u003e\u003cbr/\u003eEAX FFFFFFFF\u003cbr/\u003eECX 41414141\u003cbr/\u003eEDX FFFFFFFF\u003cbr/\u003eEBX 00000018\u003cbr/\u003eESP 0012F3B4\u003cbr/\u003eEBP 02793578\u003cbr/\u003eESI 0012F3C4\u003cbr/\u003eEDI 02793578\u003cbr/\u003eEIP 69009F1F IML32.69009F1F\u003cbr/\u003e\u003c/code\u003e\u003cbr/\u003e--------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003eTested on: Microsoft Windows XP Professional SP3 (English). ----------------------------------------------------------------------\n\n\nLooking for a job?\n\n\nSecunia is hiring skilled researchers and talented developers. \n\n1) A boundary error while processing FFFFFF45h Shockwave 3D blocks\ncan be exploited to corrupt memory. 
\n\n2) A signedness error in the processing of Director files can be\nexploited to corrupt memory. \n\n3) An array indexing error when processing Director files can be\nexploited to corrupt memory. \n\n4) An integer overflow error when processing Director files can be\nexploited to corrupt memory. \n\n5) An error when processing asset entries contained in Director files\ncan be exploited to corrupt memory. \n\n6) A boundary error when processing embedded fonts can be exploited\nto cause a heap-based buffer overflow via a specially crafted\nDirector file. \n\n7) An error when processing Director files can be exploited to\noverwrite 4 bytes of memory. \n\n8) An error in the implementation of ordinal function 1409 in\niml32.dll can be exploited to corrupt heap memory via a specially\ncrafted Director file. \n\n9) An error when processing a 4-byte field inside FFFFFF49h Shockwave\n3D blocks can be exploited to corrupt heap memory. \n\n10) An unspecified error can be exploited to corrupt memory. \n\n11) A second unspecified error can be exploited to corrupt memory. \n\n12) A third unspecified error can be exploited to corrupt memory. \n\n13) A fourth unspecified error can be exploited to cause a buffer\noverflow. \n\n14) A fifth unspecified error can be exploited to corrupt memory. \n\n15) A sixth unspecified error can be exploited to corrupt memory. \n\n16) A seventh unspecified error can be exploited to corrupt memory. \n\n17) An error when processing signed values encountered while parsing\n\"pami\" RIFF chunks can be exploited to corrupt memory. \n\nThe vulnerabilities are reported in versions 11.5.6.606 and prior on\nWindows and Macintosh. \n\nSOLUTION:\nUpdate to version 11.5.7.609. \n3) Chaouki Bekrar of Vupen, Code Audit Labs, and an anonymous person\nworking with iDefense. \n7) Chaouki Bekrar and Sebastien Renaud of Vupen, Code Audit Labs,\nGjoko Krstic of Zero Science Lab, and Chro HD of Fortinet\u0027s\nFortiGuard Labs. 
\n8, 17) an anonymous person working with ZDI. \n9) Chaouki Bekrar of Vupen and an anonymous person working with ZDI. \n10) Chaouki Bekrar of Vupen. \n11-16) Chro HD of Fortinet\u0027s FortiGuard Labs. \n\nCHANGELOG:\n2010-05-12: Updated \"Extended Description\" and added PoCs for\nvulnerabilities #2, #3, #4, and #6. \n\nORIGINAL ADVISORY:\nAdobe:\nhttp://www.adobe.com/support/security/bulletins/apsb10-12.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2010-17/\nhttp://secunia.com/secunia_research/2010-19/\nhttp://secunia.com/secunia_research/2010-20/\nhttp://secunia.com/secunia_research/2010-22/\nhttp://secunia.com/secunia_research/2010-34/\nhttp://secunia.com/secunia_research/2010-50/\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-087/\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-088/\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-089/\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869\n\nCode Audit Labs:\nhttp://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html\nhttp://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html\nhttp://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html\n\nZero Science Lab:\nhttp://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php\n\nCore Security Technologies:\nhttp://www.coresecurity.com/content/adobe-director-invalid-read\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n====================================================================== \n2) Severity \n\nRating: Highly critical\nImpact: System access\nWhere: From remote\n\n====================================================================== \n3) Vendor\u0027s Description of Software \n\n\"Over 450 million Internet-enabled desktops have installed Adobe \nShockwave Player. \".dir\") is opened. \n\n====================================================================== \n6) Time Table \n\n03/03/2010 - Vendor notified. \n12/05/2010 - Public disclosure. \n\n====================================================================== \n8) References\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\nCVE-2010-0128 for the vulnerability. \n\n====================================================================== \n9) About Secunia\n\nSecunia offers vulnerability management solutions to corporate\ncustomers with verified and reliable vulnerability intelligence\nrelevant to their specific system configuration:\n\nhttp://secunia.com/advisories/business_solutions/\n\nSecunia also provides a publicly accessible and comprehensive advisory\ndatabase as a service to the security community and private \nindividuals, who are interested in or concerned about IT-security. \n\nhttp://secunia.com/advisories/\n\nSecunia believes that it is important to support the community and to\ndo active vulnerability research in order to aid improving the \nsecurity and reliability of software in general:\n\nhttp://secunia.com/secunia_research/\n\nSecunia regularly hires new skilled team members. 
Check the URL below\nto see currently vacant positions:\n\nhttp://secunia.com/corporate/jobs/\n\nSecunia offers a FREE mailing list called Secunia Security Advisories:\n\nhttp://secunia.com/advisories/mailing_lists/\n\n====================================================================== \n10) Verification \n\nPlease verify this advisory by visiting the Secunia website:\nhttp://secunia.com/secunia_research/2010-19/\n\nComplete list of vulnerability reports published by Secunia Research:\nhttp://secunia.com/secunia_research/\n\n======================================================================\n\n_______________________________________________\nFull-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n Core Security Technologies - CoreLabs Advisory\n http://corelabs.coresecurity.com/\n\nAdobe Director DIRAPI.DLL Invalid Read Vulnerability\n\n\n\n1. *Advisory Information*\n\nTitle: Adobe Director DIRAPI.DLL Invalid Read Vulnerability\nAdvisory Id: CORE-2010-0405\nAdvisory URL:\n[http://www.coresecurity.com/content/adobe-director-invalid-read]\nDate published: 2010-05-11\nDate of last update: 2010-05-11\nVendors contacted: Adobe\nRelease mode: Coordinated release\n\n\n\n2. *Vulnerability Information*\n\nClass: Input validation error [CWE-20]\nImpact: Denial of service\nRemotely Exploitable: Yes (client-side)\nLocally Exploitable: No\nCVE Name: CVE-2010-0128\nBugtraq ID: N/A\n\n\n\n3. *Vulnerability Description*\n\nAdobe Director is prone to a vulnerability due to an invalid read in\n\u0027DIRAPI.DLL\u0027, when opening a malformed .dir file. \n\n\n4. *Vulnerable packages*\n\n . Adobe Director 11.5\n . Adobe Director 11 (Version: 11.0.0.426)\n\n\n5. *Non-vulnerable packages*\n\n . Adobe Director 11.5 (Version: 11.5.7.609)\n\n\n6. *Solutions and Workarounds*\n\n See the Adobe Security Bulletin [1] available at\n [http://www.adobe.com/go/apsb10-12/]. \n\n\n7. 
*Credits*\n\nThis vulnerability was discovered and researched by Nahuel Riva, from\nCore Security Technologies. Publication was coordinated by Jorge\nLucangeli Obes. \n\n\n8. *Technical Description*\n\nThe vulnerability occurs at offset \u00270x68174813\u0027 of the \u0027dirapi.dll\u0027\nmodule of Adobe Director. Improper validation of input data leads to a\ncrash in the memory read instruction. This vulnerability could result in\narbitrary code execution, although it was not verified. \n\n/-----\nApp: Adobe Director 11\nVersion: 11.0.0.426\nModule crash: Dirapi.dll Version: 11.0.0.426\n\nCrash:\n68174813 |. 8906 |MOV DWORD PTR DS:[ESI],EAX\n68174815 |\u003e 8B4C24 14 |MOV ECX,DWORD PTR SS:[ESP+14]\n68174819 |. 51 |PUSH ECX\n6817481A |. E8 3197F5FF |CALL \u003cJMP.\u0026IML32.#1414\u003e\n6817481F |. 8946 04 |MOV DWORD PTR DS:[ESI+4],EAX\n68174822 |. 83C6 08 |ADD ESI,8\n68174825 |. 4D |DEC EBP\n68174826 |.^ 75 C8 \\JNZ SHORT DIRAPI.681747F0\n\nEAX=00000000\nDS:[02889B20]=???\n\nRegisters:\nEAX 00000000\nECX 00000068\nEDX 00000001\nEBX FFE4B4D4\nESP 0012DFB8\nEBP 0000373D\nESI 02889B20\nEDI 01BC9964\nEIP 68174813 DIRAPI.68174813\nC 0 ES 0023 32bit 0(FFFFFFFF)\nP 1 CS 001B 32bit 0(FFFFFFFF)\nA 0 SS 0023 32bit 0(FFFFFFFF)\nZ 1 DS 0023 32bit 0(FFFFFFFF)\nS 0 FS 003B 32bit 7FFDD000(FFF)\nT 0 GS 0000 NULL\nD 0\nO 0 LastErr ERROR_NEGATIVE_SEEK (00000083)\nEFL 00250246 (NO,NB,E,BE,NS,PE,GE,LE)\nST0 empty -??? FFFF 00000000 00000000\nST1 empty -??? FFFF 00000000 00000000\nST2 empty -??? FFFF 00000000 00000000\nST3 empty -??? 
FFFF 00000000 00000000\nST4 empty 0.0000106994366433355\nST5 empty 0.6322773098945617676\nST6 empty -0.0034003453329205513\nST7 empty 1041416.9375000000000\n 3 2 1 0 E S P U O Z D I\nFST 4220 Cond 1 0 1 0 Err 0 0 1 0 0 0 0 0 (EQ)\nFCW 007F Prec NEAR,24 Mask 1 1 1 1 1 1\n\nStack Trace:\nCall stack of main thread\nAddress Stack Procedure / arguments Called from\n Frame\n0012DFC4 68175563 DIRAPI.681747A0 DIRAPI.6817555E\n0012DFE4 6817003B DIRAPI.68175290 DIRAPI.68170036\n0012E018 6817020D DIRAPI.6816FF40 DIRAPI.68170208\n0012E01C 00A923C8 Arg1 = 00A923C8\n0012E020 00000011 Arg2 = 00000011\n0012E024 00000003 Arg3 = 00000003\n0012E028 0012E050 Arg4 = 0012E050\n0012E02C 00001100 Arg5 = 00001100\n0012E048 680F6D50 DIRAPI.681701A0 DIRAPI.680F6D4B\n0012E04C 00000000 Arg1 = 00000000\n0012E050 00000003 Arg2 = 00000003\n0012E054 00000091 Arg3 = 00000091\n0012E058 0012E07C Arg4 = 0012E07C\n0012E05C 00001100 Arg5 = 00001100\n0012E068 6800CFC0 DIRAPI.680F6D30 DIRAPI.6800CFBB\n0012E088 680817EC DIRAPI.6800CF80 DIRAPI.680817E7\n0012E0B4 680823E3 DIRAPI.68081760 DIRAPI.680823DE\n0012E0C8 680836A7 DIRAPI.68082380 DIRAPI.680836A2\n0012E638 680839E2 DIRAPI.68082EA0 DIRAPI.680839DD\n 0012E634\n0012E63C 00A86E8C Arg1 = 00A86E8C\n0012E640 0012F5EC Arg2 = 0012F5EC\n0012E644 00000000 Arg3 = 00000000\n0012E648 00000000 Arg4 = 00000000\n0012E64C 0000001A Arg5 = 0000001A\n0012E674 68042D8C DIRAPI.68083970 DIRAPI.68042D87\n 0012F5EC\n0012E678 00A86E8C Arg1 = 00A86E8C\n0012E67C 0012F5EC Arg2 = 0012F5EC\n0012E680 00000000 Arg3 = 00000000\n0012E684 00000000 Arg4 = 00000000\n0012E688 0000001A Arg5 = 0000001A\n0012E6B0 6800A111 DIRAPI.68042C90 DIRAPI.#88+7C\n0012E6B4 00A92588 Arg1 = 00A92588\n0012E6B8 0012F5EC Arg2 = 0012F5EC\n0012E6BC 00000000 Arg3 = 00000000\n0012E6C0 0000001A Arg4 = 0000001A\n0012E6DC 2018BB23 \u003cJMP.\u0026DIRAPI.#88\u003e Director.2018BB1E\n0012E83C 2027E776 ? Director.2018BAB0 Director.2027E771\n- -----/\n\n\n\n9. *Report Timeline*\n\n. 2010-04-14:\nVendor contacted. 
2010-04-14:\nVendor requests PoC file. 2010-04-14:\nCore replies with the PoC file and the draft advisory. 2010-04-14:\nAdobe replies that it will investigate the issue and sets a preliminary\nrelease date for June/July. 2010-04-15:\nCore agrees with the preliminary release date. 2010-04-28:\nCore requests an update on the situation, and asks whether Adobe was\nable to confirm if the bug is exploitable. 2010-04-28:\nCore requests a specific publication date for the fix. 2010-05-06:\nAdobe informs Core that the release date for the fix has been set to May\n11th. 2010-05-07:\nCore asks Adobe if they want to provide the text for the \"Solutions and\nWorkarounds\" section of the advisory. 2010-05-07:\nAdobe replies with the text for the \"Solutions and Workarounds\" section\nof the advisory. 2010-05-11:\nAdvisory published. \n\n\n\n10. *References*\n\n[1] Adobe Security Bulletin [http://www.adobe.com/go/apsb10-12/]. \n\n\n11. *About CoreLabs*\n\nCoreLabs, the research center of Core Security Technologies, is charged\nwith anticipating the future needs and requirements for information\nsecurity technologies. We conduct our research in several important\nareas of computer security including system vulnerabilities, cyber\nattack planning and simulation, source code auditing, and cryptography. \nOur results include problem formalization, identification of\nvulnerabilities, novel solutions and prototypes for new technologies. \nCoreLabs regularly publishes security advisories, technical papers,\nproject information and shared software tools for public use at:\n[http://www.coresecurity.com/corelabs]. \n\n\n12. *About Core Security Technologies*\n\nCore Security Technologies develops strategic solutions that help\nsecurity-conscious organizations worldwide develop and maintain a\nproactive process for securing their networks. The company\u0027s flagship\nproduct, CORE IMPACT, is the most comprehensive product for performing\nenterprise security assurance testing. 
CORE IMPACT evaluates network,\nendpoint and end-user vulnerabilities and identifies what resources are\nexposed. It enables organizations to determine if current security\ninvestments are detecting and preventing attacks. Core Security\nTechnologies augments its leading technology solution with world-class\nsecurity consulting services, including penetration testing and software\nsecurity auditing. Based in Boston, MA and Buenos Aires, Argentina, Core\nSecurity Technologies can be reached at 617-399-6980 or on the Web at\n[http://www.coresecurity.com]. \n\n\n13. *Disclaimer*\n\nThe contents of this advisory are copyright (c) 2010 Core Security\nTechnologies and (c) 2010 CoreLabs, and may be distributed freely\nprovided that no fee is charged for this distribution and proper credit\nis given. \n\n\n14. *PGP/GPG Keys*\n\nThis advisory has been signed with the GPG key of Core Security\nTechnologies advisories team, which is available for download at\n[http://www.coresecurity.com/files/attachments/core_security_advisories.asc]. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niEYEARECAAYFAkvptp4ACgkQyNibggitWa2lwACgo9oRhMUsmUe+IH3jdK9d7B+m\nebMAn1iAO1mYBqXGrm67F2oCxTd+OEe3\n=s6Ek\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. 
\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n", "sources": [ { "db": "NVD", "id": "CVE-2010-0128" }, { "db": "JVNDB", "id": "JVNDB-2010-001474" }, { "db": "BID", "id": "40076" }, { "db": "ZSL", "id": "ZSL-2010-4937" }, { "db": "VULHUB", "id": "VHN-42733" }, { "db": "PACKETSTORM", "id": "89462" }, { "db": "PACKETSTORM", "id": "89440" }, { "db": "PACKETSTORM", "id": "89417" } ], "trust": 2.34 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.zeroscience.mk/codes/shockwave_mem.txt", "trust": 0.1, "type": "poc" }, { "reference": "https://www.scap.org.cn/vuln/vhn-42733", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "ZSL", "id": "ZSL-2010-4937" }, { "db": "VULHUB", "id": "VHN-42733" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-0128", "trust": 3.0 }, { "db": "SECUNIA", "id": "38751", "trust": 2.9 }, { "db": "VUPEN", "id": "ADV-2010-1128", "trust": 2.6 }, { "db": "JVNDB", "id": "JVNDB-2010-001474", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201005-190", "trust": 0.7 }, { "db": "BID", "id": "40076", "trust": 0.4 }, { "db": "ZSL", "id": "ZSL-2010-4937", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "89440", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "89417", "trust": 0.2 }, { "db": "XF", "id": "58447", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "12578", "trust": 0.1 }, { "db": "BID", "id": "40081", "trust": 0.1 }, { "db": "OSVDB", "id": "64646", "trust": 0.1 }, { "db": "AUSCERT", "id": "ESB-2010.0436", "trust": 0.1 }, { 
"db": "SECTRACK", "id": "1023980", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-42733", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-10-087", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-10-089", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-10-088", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "89462", "trust": 0.1 } ], "sources": [ { "db": "ZSL", "id": "ZSL-2010-4937" }, { "db": "VULHUB", "id": "VHN-42733" }, { "db": "BID", "id": "40076" }, { "db": "JVNDB", "id": "JVNDB-2010-001474" }, { "db": "PACKETSTORM", "id": "89462" }, { "db": "PACKETSTORM", "id": "89440" }, { "db": "PACKETSTORM", "id": "89417" }, { "db": "NVD", "id": "CVE-2010-0128" }, { "db": "CNNVD", "id": "CNNVD-201005-190" } ] }, "id": "VAR-201005-0051", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-42733" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:11:17.703000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB10-12", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html" }, { "title": "APSB10-12", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb10-12.html" }, { "title": "Shockwave 11.5.7.609 for Mac Slim", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3595" }, { "title": "Adobe Shockwave Player version 11.5.7.609", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3594" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-001474" }, { "db": "CNNVD", "id": "CNNVD-201005-190" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "CWE-189", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-42733" }, { "db": "JVNDB", "id": "JVNDB-2010-001474" }, { "db": "NVD", "id": "CVE-2010-0128" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "http://www.vupen.com/english/advisories/2010/1128" }, { "trust": 2.5, "url": "http://secunia.com/advisories/38751" }, { "trust": 2.2, "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html" }, { "trust": 2.2, "url": "http://secunia.com/secunia_research/2010-19/" }, { "trust": 2.1, "url": "http://www.coresecurity.com/content/adobe-director-invalid-read" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/511240/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/511261/100/0/threaded" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7273" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0128" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0128" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "/archive/1/511240" }, { "trust": 0.3, "url": "/archive/1/511261" }, { "trust": 0.3, "url": "http://www.coresecurity.com/content/adobe-director-memory-corruption" }, { "trust": 0.2, "url": "http://secunia.com/advisories/38751/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0128" }, { "trust": 0.2, "url": "http://secunia.com/" }, { "trust": 0.2, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": 
"http://packetstormsecurity.org/filedesc/zsl-2010-4937.txt.html" }, { "trust": 0.1, "url": "http://www.qualys.com/research/alerts/view.php/2010-05-11-2" }, { "trust": 0.1, "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1280" }, { "trust": 0.1, "url": "http://www.exploit-db.com/exploits/12578" }, { "trust": 0.1, "url": "http://www.securityfocus.com/bid/40081" }, { "trust": 0.1, "url": "http://www.0daynet.com/2010/0512/335.html" }, { "trust": 0.1, "url": "http://securityreason.com/exploitalert/8249" }, { "trust": 0.1, "url": "http://forums.cnet.com/5208-6132_102-0.html?messageid=3303052" }, { "trust": 0.1, "url": "http://news.dreamings.org/?p=1050" }, { "trust": 0.1, "url": "http://securitytracker.com/alerts/2010/may/1023980.html" }, { "trust": 0.1, "url": "http://www.auscert.org.au/render.html?it=12789" }, { "trust": 0.1, "url": "http://securityvulns.ru/xdocument830.html" }, { "trust": 0.1, "url": "http://xforce.iss.net/xforce/xfdb/58447" }, { "trust": 0.1, "url": "http://osvdb.org/show/osvdb/64646" }, { "trust": 0.1, "url": "http://www.nessus.org/plugins/index.php?view=single\u0026amp;id=46329" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-10-089/" }, { "trust": 0.1, "url": "http://secunia.com/company/jobs/" }, { "trust": 0.1, "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2010-17/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-10-087/" }, { "trust": 0.1, "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2010-34/" }, { 
"trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-10-088/" }, { "trust": 0.1, "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2010-22/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2010-50/" }, { "trust": 0.1, "url": "http://get.adobe.com/shockwave/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2010-20/" }, { "trust": 0.1, "url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2010-4937.php" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/" }, { "trust": 0.1, "url": "http://www.adobe.com/products/shockwaveplayer/" }, { "trust": 0.1, "url": "http://secunia.com/corporate/jobs/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/mailing_lists/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://www.coresecurity.com/content/adobe-director-invalid-read]" }, { "trust": 0.1, "url": "http://www.coresecurity.com/corelabs]." }, { "trust": 0.1, "url": "http://enigmail.mozdev.org" }, { "trust": 0.1, "url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc]." }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com/" }, { "trust": 0.1, "url": "http://www.coresecurity.com]." }, { "trust": 0.1, "url": "http://www.adobe.com/go/apsb10-12/]." 
} ], "sources": [ { "db": "ZSL", "id": "ZSL-2010-4937" }, { "db": "VULHUB", "id": "VHN-42733" }, { "db": "BID", "id": "40076" }, { "db": "JVNDB", "id": "JVNDB-2010-001474" }, { "db": "PACKETSTORM", "id": "89462" }, { "db": "PACKETSTORM", "id": "89440" }, { "db": "PACKETSTORM", "id": "89417" }, { "db": "NVD", "id": "CVE-2010-0128" }, { "db": "CNNVD", "id": "CNNVD-201005-190" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZSL", "id": "ZSL-2010-4937" }, { "db": "VULHUB", "id": "VHN-42733" }, { "db": "BID", "id": "40076" }, { "db": "JVNDB", "id": "JVNDB-2010-001474" }, { "db": "PACKETSTORM", "id": "89462" }, { "db": "PACKETSTORM", "id": "89440" }, { "db": "PACKETSTORM", "id": "89417" }, { "db": "NVD", "id": "CVE-2010-0128" }, { "db": "CNNVD", "id": "CNNVD-201005-190" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-05-11T00:00:00", "db": "ZSL", "id": "ZSL-2010-4937" }, { "date": "2010-05-13T00:00:00", "db": "VULHUB", "id": "VHN-42733" }, { "date": "2010-05-11T00:00:00", "db": "BID", "id": "40076" }, { "date": "2010-05-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-001474" }, { "date": "2010-05-13T07:29:48", "db": "PACKETSTORM", "id": "89462" }, { "date": "2010-05-12T15:26:05", "db": "PACKETSTORM", "id": "89440" }, { "date": "2010-05-12T02:42:09", "db": "PACKETSTORM", "id": "89417" }, { "date": "2010-05-13T17:30:01.780000", "db": "NVD", "id": "CVE-2010-0128" }, { "date": "2010-05-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201005-190" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-03-06T00:00:00", "db": "ZSL", "id": "ZSL-2010-4937" }, { "date": "2018-10-10T00:00:00", "db": "VULHUB", "id": "VHN-42733" }, { "date": 
"2010-05-13T20:51:00", "db": "BID", "id": "40076" }, { "date": "2010-05-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-001474" }, { "date": "2022-04-22T01:44:51.600000", "db": "NVD", "id": "CVE-2010-0128" }, { "date": "2022-04-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201005-190" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "89417" }, { "db": "CNNVD", "id": "CNNVD-201005-190" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Shockwave Player and Adobe Director Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-001474" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201005-190" } ], "trust": 0.6 } }