cvelistv5 - CVE-2010-0987

CVE-2010-0987

Vulnerability from cvelistv5

Published

2010-05-13 17:00

Modified

2024-08-07 01:06

Severity ?

Summary

Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.

References

URL	Tags
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/38751	Not Applicable
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2010-50/	Not Applicable
PSIRT-CNA@flexerasoftware.com	http://www.adobe.com/support/security/bulletins/apsb10-12.html	Patch, Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/511265/100/0/threaded	Third Party Advisory, VDB Entry
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/bid/40093	Third Party Advisory, VDB Entry
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2010/1128	Permissions Required
PSIRT-CNA@flexerasoftware.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7052	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38751	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2010-50/	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb10-12.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/511265/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/40093	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1128	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7052	Third Party Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:06:52.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38751",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38751"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2010-50/"
          },
          {
            "name": "ADV-2010-1128",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1128"
          },
          {
            "name": "20100512 Secunia Research: Adobe Shockwave Player Font Processing Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/511265/100/0/threaded"
          },
          {
            "name": "40093",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40093"
          },
          {
            "name": "oval:org.mitre.oval:def:7052",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7052"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "38751",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38751"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2010-50/"
        },
        {
          "name": "ADV-2010-1128",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1128"
        },
        {
          "name": "20100512 Secunia Research: Adobe Shockwave Player Font Processing Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/511265/100/0/threaded"
        },
        {
          "name": "40093",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40093"
        },
        {
          "name": "oval:org.mitre.oval:def:7052",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7052"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2010-0987",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38751",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38751"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
            },
            {
              "name": "http://secunia.com/secunia_research/2010-50/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2010-50/"
            },
            {
              "name": "ADV-2010-1128",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1128"
            },
            {
              "name": "20100512 Secunia Research: Adobe Shockwave Player Font Processing Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/511265/100/0/threaded"
            },
            {
              "name": "40093",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40093"
            },
            {
              "name": "oval:org.mitre.oval:def:7052",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7052"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2010-0987",
    "datePublished": "2010-05-13T17:00:00",
    "dateReserved": "2010-03-18T00:00:00",
    "dateUpdated": "2024-08-07T01:06:52.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.5.7.609\", \"matchCriteriaId\": \"7A79D960-7961-4737-B69E-C070DA62C9AD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C56F007-5F8E-4BDD-A803-C907BCC0AF55\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer basado en memoria din\\u00e1mica en Adobe Shockwave Player en versiones anteriores a la 11.5.7.609 puede permitir a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n mediante fuentes manipuladas embebidas  en un fichero Shockwave.\"}]",
      "id": "CVE-2010-0987",
      "lastModified": "2024-11-21T01:13:21.710",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-05-13T17:30:01.953",
      "references": "[{\"url\": \"http://secunia.com/advisories/38751\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/secunia_research/2010-50/\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-12.html\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/511265/100/0/threaded\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/40093\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/1128\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7052\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/38751\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/secunia_research/2010-50/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-12.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/511265/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/40093\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/1128\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7052\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-0987\",\"sourceIdentifier\":\"PSIRT-CNA@flexerasoftware.com\",\"published\":\"2010-05-13T17:30:01.953\",\"lastModified\":\"2024-11-21T01:13:21.710\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en Adobe Shockwave Player en versiones anteriores a la 11.5.7.609 puede permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante fuentes manipuladas embebidas  en un fichero Shockwave.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.5.7.609\",\"matchCriteriaId\":\"7A79D960-7961-4737-B69E-C070DA62C9AD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C56F007-5F8E-4BDD-A803-C907BCC0AF55\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/38751\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/secunia_research/2010-50/\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-12.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/511265/100/0/threaded\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/40093\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1128\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7052\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/38751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/secunia_research/2010-50/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-12.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/511265/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/40093\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1128\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7052\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

ghsa-7rqr-xjw8-v6q2

Vulnerability from github

Published

2022-05-02 06:18

Modified

2022-05-02 06:18

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-0987"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-05-13T17:30:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.",
  "id": "GHSA-7rqr-xjw8-v6q2",
  "modified": "2022-05-02T06:18:02Z",
  "published": "2022-05-02T06:18:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0987"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7052"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38751"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/secunia_research/2010-50"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/511265/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/40093"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1128"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file. Adobe Shockwave Player is prone to a buffer-overflow vulnerability. Attackers can exploit this issue to crash the affected application and execute arbitrary code within the context of the affected application. Adobe Shockwave Player 11.5.6.606 and prior are vulnerable. NOTE: This issue was previously discussed in BID 40066 (Adobe Shockwave Player APSB10-12 Multiple Remote Vulnerabilities) but has been given its own record to better document it. The vulnerable software fails to sanitize user input when processing .dir files resulting in a crash and overwrite of a few memory registers.

--------------------------------------------------------------------------------

(f94.ae4): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=20a0a0a0 ebx=207d004c ecx=00000400 edx=41414140 esi=00000000 edi=a80487d8 eip=68008bd6 esp=0012de4c ebp=00000400 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00050206 *** WARNING: Unable to verify checksum for C:\Program Files\Adobe\Adobe Director 11\DIRAPI.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for DIRAPI.dll - DIRAPI!Ordinal14+0x3b16: 68008bd6 2b4f04 sub ecx,dword ptr [edi+4] ds:0023:a80487dc=???????? ----------------------- EAX FFFFFFFF ECX 41414141 EDX FFFFFFFF EBX 00000018 ESP 0012F3B4 EBP 02793578 ESI 0012F3C4 EDI 02793578 EIP 69009F1F IML32.69009F1F
--------------------------------------------------------------------------------

Tested on: Microsoft Windows XP Professional SP3 (English).

====================================================================== 2) Severity

Rating: Highly critical Impact: System access Where: From remote

====================================================================== 3) Vendor's Description of Software

"Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player.

====================================================================== 6) Time Table

23/03/2010 - Vendor notified. 23/03/2010 - Vendor response. 12/05/2010 - Public disclosure.

====================================================================== 8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2010-0987 for the vulnerability.

====================================================================== 9) About Secunia

Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

====================================================================== 10) Verification

Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2010-50/

Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/

======================================================================

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ----------------------------------------------------------------------

Looking for a job?

Secunia is hiring skilled researchers and talented developers.

1) A boundary error while processing FFFFFF45h Shockwave 3D blocks can be exploited to corrupt memory.

2) A signedness error in the processing of Director files can be exploited to corrupt memory.

3) An array indexing error when processing Director files can be exploited to corrupt memory.

4) An integer overflow error when processing Director files can be exploited to corrupt memory.

5) An error when processing asset entries contained in Director files can be exploited to corrupt memory.

7) An error when processing Director files can be exploited to overwrite 4 bytes of memory.

8) An error in the implementation of ordinal function 1409 in iml32.dll can be exploited to corrupt heap memory via a specially crafted Director file.

9) An error when processing a 4-byte field inside FFFFFF49h Shockwave 3D blocks can be exploited to corrupt heap memory.

10) An unspecified error can be exploited to corrupt memory.

11) A second unspecified error can be exploited to corrupt memory.

12) A third unspecified error can be exploited to corrupt memory.

13) A fourth unspecified error can be exploited to cause a buffer overflow.

14) A fifth unspecified error can be exploited to corrupt memory.

15) A sixth unspecified error can be exploited to corrupt memory.

16) A seventh unspecified error can be exploited to corrupt memory.

17) An error when processing signed values encountered while parsing "pami" RIFF chunks can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in versions 11.5.6.606 and prior on Windows and Macintosh.

SOLUTION: Update to version 11.5.7.609. http://get.adobe.com/shockwave/

PROVIDED AND/OR DISCOVERED BY: 1-6) Alin Rad Pop, Secunia Research

The vendor also credits: 2) Nahuel Riva of Core Security Technologies. 3) Chaouki Bekrar of Vupen, Code Audit Labs, and an anonymous person working with iDefense. 7) Chaouki Bekrar and Sebastien Renaud of Vupen, Code Audit Labs, Gjoko Krstic of Zero Science Lab, and Chro HD of Fortinet's FortiGuard Labs. 8, 17) an anonymous person working with ZDI. 9) Chaouki Bekrar of Vupen and an anonymous person working with ZDI. 10) Chaouki Bekrar of Vupen. 11-16) Chro HD of Fortinet's FortiGuard Labs.

CHANGELOG: 2010-05-12: Updated "Extended Description" and added PoCs for vulnerabilities #2, #3, #4, and #6.

ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb10-12.html

Secunia Research: http://secunia.com/secunia_research/2010-17/ http://secunia.com/secunia_research/2010-19/ http://secunia.com/secunia_research/2010-20/ http://secunia.com/secunia_research/2010-22/ http://secunia.com/secunia_research/2010-34/ http://secunia.com/secunia_research/2010-50/

ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-087/ http://www.zerodayinitiative.com/advisories/ZDI-10-088/ http://www.zerodayinitiative.com/advisories/ZDI-10-089/

iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869

Code Audit Labs: http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html

Zero Science Lab: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php

Core Security Technologies: http://www.coresecurity.com/content/adobe-director-invalid-read

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201005-0085",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "shockwave player",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "11.5.7.609"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "adobe",
        "version": "11.5.2.602"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "adobe",
        "version": "11.5.1.601"
      },
      {
        "model": "shockwave player",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "11.5.6.606"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "3.0"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "5.0"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "11.5.0.595"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "2.0"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "11.0.0.456"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "4.0"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "1.0"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "11.5.0.596"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "11.5.6.606"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "11.5.2.606"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "11.5.601"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "11.5.600"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "11.5.596"
      },
      {
        "model": "shockwave player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "11.5.7.609"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "adobe incorporated",
        "version": "11.5.6.606"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "db": "BID",
        "id": "40093"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001478"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0987"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-194"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.5.7.609",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0987"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Alin Rad Pop of Secunia Research",
    "sources": [
      {
        "db": "BID",
        "id": "40093"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-0987",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2010-0987",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-43592",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-0987",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201005-194",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "ZSL",
            "id": "ZSL-2010-4937",
            "trust": 0.1,
            "value": "(4/5)"
          },
          {
            "author": "VULHUB",
            "id": "VHN-43592",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "db": "VULHUB",
        "id": "VHN-43592"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001478"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0987"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-194"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file. Adobe Shockwave Player is prone to a buffer-overflow vulnerability. \nAttackers can exploit this issue to crash the affected application and execute arbitrary code within the context of the affected application. \nAdobe Shockwave Player 11.5.6.606 and prior are vulnerable. \nNOTE: This issue was previously discussed in BID 40066 (Adobe Shockwave Player APSB10-12 Multiple Remote Vulnerabilities) but has been given its own record to better document it. The vulnerable software fails to sanitize user input when      processing .dir files resulting in a crash and overwrite of a few memory registers.\u003cbr/\u003e\u003cbr/\u003e      --------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003e\u003ccode\u003e (f94.ae4): Access violation - code c0000005 (first chance)\u003cbr/\u003e First chance exceptions are reported before any exception handling.\u003cbr/\u003e This exception may be expected and handled.\u003cbr/\u003e eax=20a0a0a0 ebx=207d004c ecx=00000400 edx=41414140 esi=00000000 edi=a80487d8\u003cbr/\u003e eip=68008bd6 esp=0012de4c ebp=00000400 iopl=0         nv up ei pl nz na pe nc\u003cbr/\u003e cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00050206\u003cbr/\u003e *** WARNING: Unable to verify checksum for C:\\Program Files\\Adobe\\Adobe Director 11\\DIRAPI.dll\u003cbr/\u003e *** ERROR: Symbol file could not be found.  Defaulted to export symbols for DIRAPI.dll - \u003cbr/\u003e DIRAPI!Ordinal14+0x3b16:\u003cbr/\u003e 68008bd6 2b4f04          sub     ecx,dword ptr [edi+4] ds:0023:a80487dc=????????\u003cbr/\u003e\u003cbr/\u003e-----------------------\u003cbr/\u003e\u003cbr/\u003eEAX FFFFFFFF\u003cbr/\u003eECX 41414141\u003cbr/\u003eEDX FFFFFFFF\u003cbr/\u003eEBX 00000018\u003cbr/\u003eESP 0012F3B4\u003cbr/\u003eEBP 02793578\u003cbr/\u003eESI 0012F3C4\u003cbr/\u003eEDI 02793578\u003cbr/\u003eEIP 69009F1F IML32.69009F1F\u003cbr/\u003e\u003c/code\u003e\u003cbr/\u003e--------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003eTested on: Microsoft Windows XP Professional SP3 (English). \n\n====================================================================== \n2) Severity \n\nRating: Highly critical\nImpact: System access\nWhere:  From remote\n\n====================================================================== \n3) Vendor\u0027s Description of Software \n\n\"Over 450 million Internet-enabled desktops have installed Adobe \nShockwave Player. \n\n====================================================================== \n6) Time Table \n\n23/03/2010 - Vendor notified. \n23/03/2010 - Vendor response. \n12/05/2010 - Public disclosure. \n\n====================================================================== \n8) References\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \nCVE-2010-0987 for the vulnerability. \n\n====================================================================== \n9) About Secunia\n\nSecunia offers vulnerability management solutions to corporate\ncustomers with verified and reliable vulnerability intelligence\nrelevant to their specific system configuration:\n\nhttp://secunia.com/advisories/business_solutions/\n\nSecunia also provides a publicly accessible and comprehensive advisory\ndatabase as a service to the security community and private \nindividuals, who are interested in or concerned about IT-security. \n\nhttp://secunia.com/advisories/\n\nSecunia believes that it is important to support the community and to\ndo active vulnerability research in order to aid improving the \nsecurity and reliability of software in general:\n\nhttp://secunia.com/secunia_research/\n\nSecunia regularly hires new skilled team members. Check the URL below\nto see currently vacant positions:\n\nhttp://secunia.com/corporate/jobs/\n\nSecunia offers a FREE mailing list called Secunia Security Advisories:\n\nhttp://secunia.com/advisories/mailing_lists/\n\n====================================================================== \n10) Verification \n\nPlease verify this advisory by visiting the Secunia website:\nhttp://secunia.com/secunia_research/2010-50/\n\nComplete list of vulnerability reports published by Secunia Research:\nhttp://secunia.com/secunia_research/\n\n======================================================================\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ----------------------------------------------------------------------\n\n\nLooking for a job?\n\n\nSecunia is hiring skilled researchers and talented developers. \n\n1) A boundary error while processing FFFFFF45h Shockwave 3D blocks\ncan be exploited to corrupt memory. \n\n2) A signedness error in the processing of Director files can be\nexploited to corrupt memory. \n\n3) An array indexing error when processing Director files can be\nexploited to corrupt memory. \n\n4) An integer overflow error when processing Director files can be\nexploited to corrupt memory. \n\n5) An error when processing asset entries contained in Director files\ncan be exploited to corrupt memory. \n\n7) An error when processing Director files can be exploited to\noverwrite 4 bytes of memory. \n\n8) An error in the implementation of ordinal function 1409 in\niml32.dll can be exploited to corrupt heap memory via a specially\ncrafted Director file. \n\n9) An error when processing a 4-byte field inside FFFFFF49h Shockwave\n3D blocks can be exploited to corrupt heap memory. \n\n10) An unspecified error can be exploited to corrupt memory. \n\n11) A second unspecified error can be exploited to corrupt memory. \n\n12) A third unspecified error can be exploited to corrupt memory. \n\n13) A fourth unspecified error can be exploited to cause a buffer\noverflow. \n\n14) A fifth unspecified error can be exploited to corrupt memory. \n\n15) A sixth unspecified error can be exploited to corrupt memory. \n\n16) A seventh unspecified error can be exploited to corrupt memory. \n\n17) An error when processing signed values encountered while parsing\n\"pami\" RIFF chunks can be exploited to corrupt memory. \n\nSuccessful exploitation of the vulnerabilities may allow execution of\narbitrary code. \n\nThe vulnerabilities are reported in versions 11.5.6.606 and prior on\nWindows and Macintosh. \n\nSOLUTION:\nUpdate to version 11.5.7.609. \nhttp://get.adobe.com/shockwave/\n\nPROVIDED AND/OR DISCOVERED BY:\n1-6) Alin Rad Pop, Secunia Research\n\nThe vendor also credits:\n2) Nahuel Riva of Core Security Technologies. \n3) Chaouki Bekrar of Vupen, Code Audit Labs, and an anonymous person\nworking with iDefense. \n7) Chaouki Bekrar and Sebastien Renaud of Vupen, Code Audit Labs,\nGjoko Krstic of Zero Science Lab, and Chro HD of Fortinet\u0027s\nFortiGuard Labs. \n8, 17) an anonymous person working with ZDI. \n9) Chaouki Bekrar of Vupen and an anonymous person working with ZDI. \n10) Chaouki Bekrar of Vupen. \n11-16) Chro HD of Fortinet\u0027s FortiGuard Labs. \n\nCHANGELOG:\n2010-05-12: Updated \"Extended Description\" and added PoCs for\nvulnerabilities #2, #3, #4, and #6. \n\nORIGINAL ADVISORY:\nAdobe:\nhttp://www.adobe.com/support/security/bulletins/apsb10-12.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2010-17/\nhttp://secunia.com/secunia_research/2010-19/\nhttp://secunia.com/secunia_research/2010-20/\nhttp://secunia.com/secunia_research/2010-22/\nhttp://secunia.com/secunia_research/2010-34/\nhttp://secunia.com/secunia_research/2010-50/\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-087/\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-088/\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-089/\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869\n\nCode Audit Labs:\nhttp://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html\nhttp://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html\nhttp://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html\n\nZero Science Lab:\nhttp://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php\n\nCore Security Technologies:\nhttp://www.coresecurity.com/content/adobe-director-invalid-read\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001478"
      },
      {
        "db": "BID",
        "id": "40093"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "db": "VULHUB",
        "id": "VHN-43592"
      },
      {
        "db": "PACKETSTORM",
        "id": "89444"
      },
      {
        "db": "PACKETSTORM",
        "id": "89462"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.zeroscience.mk/codes/shockwave_mem.txt",
        "trust": 0.1,
        "type": "poc"
      },
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-43592",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "db": "VULHUB",
        "id": "VHN-43592"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "38751",
        "trust": 2.9
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0987",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "40093",
        "trust": 2.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1128",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001478",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-194",
        "trust": 0.7
      },
      {
        "db": "ZSL",
        "id": "ZSL-2010-4937",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "89444",
        "trust": 0.2
      },
      {
        "db": "XF",
        "id": "58447",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "12578",
        "trust": 0.1
      },
      {
        "db": "BID",
        "id": "40081",
        "trust": 0.1
      },
      {
        "db": "OSVDB",
        "id": "64646",
        "trust": 0.1
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2010.0436",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1023980",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-43592",
        "trust": 0.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-087",
        "trust": 0.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-089",
        "trust": 0.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-088",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "89462",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "db": "VULHUB",
        "id": "VHN-43592"
      },
      {
        "db": "BID",
        "id": "40093"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001478"
      },
      {
        "db": "PACKETSTORM",
        "id": "89444"
      },
      {
        "db": "PACKETSTORM",
        "id": "89462"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0987"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-194"
      }
    ]
  },
  "id": "VAR-201005-0085",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43592"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:11:17.520000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APSB10-12",
        "trust": 0.8,
        "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
      },
      {
        "title": "APSB10-12",
        "trust": 0.8,
        "url": "http://www.adobe.com/jp/support/security/bulletins/apsb10-12.html"
      },
      {
        "title": "Shockwave 11.5.7.609 for Mac Slim",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3595"
      },
      {
        "title": "Adobe Shockwave Player version 11.5.7.609",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3594"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001478"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-194"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43592"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001478"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0987"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.vupen.com/english/advisories/2010/1128"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/40093"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/38751"
      },
      {
        "trust": 2.2,
        "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
      },
      {
        "trust": 2.2,
        "url": "http://secunia.com/secunia_research/2010-50/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/511265/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7052"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0987"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0987"
      },
      {
        "trust": 0.3,
        "url": "http://www.adobe.com"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/38751/"
      },
      {
        "trust": 0.1,
        "url": "http://packetstormsecurity.org/filedesc/zsl-2010-4937.txt.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.qualys.com/research/alerts/view.php/2010-05-11-2"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1280"
      },
      {
        "trust": 0.1,
        "url": "http://www.exploit-db.com/exploits/12578"
      },
      {
        "trust": 0.1,
        "url": "http://www.securityfocus.com/bid/40081"
      },
      {
        "trust": 0.1,
        "url": "http://www.0daynet.com/2010/0512/335.html"
      },
      {
        "trust": 0.1,
        "url": "http://securityreason.com/exploitalert/8249"
      },
      {
        "trust": 0.1,
        "url": "http://forums.cnet.com/5208-6132_102-0.html?messageid=3303052"
      },
      {
        "trust": 0.1,
        "url": "http://news.dreamings.org/?p=1050"
      },
      {
        "trust": 0.1,
        "url": "http://securitytracker.com/alerts/2010/may/1023980.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.auscert.org.au/render.html?it=12789"
      },
      {
        "trust": 0.1,
        "url": "http://securityvulns.ru/xdocument830.html"
      },
      {
        "trust": 0.1,
        "url": "http://xforce.iss.net/xforce/xfdb/58447"
      },
      {
        "trust": 0.1,
        "url": "http://osvdb.org/show/osvdb/64646"
      },
      {
        "trust": 0.1,
        "url": "http://www.nessus.org/plugins/index.php?view=single\u0026amp;id=46329"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_research/"
      },
      {
        "trust": 0.1,
        "url": "http://www.adobe.com/products/shockwaveplayer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/corporate/jobs/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/mailing_lists/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0987"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_research/2010-19/"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-089/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/company/jobs/"
      },
      {
        "trust": 0.1,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_research/2010-17/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-087/"
      },
      {
        "trust": 0.1,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_research/2010-34/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-088/"
      },
      {
        "trust": 0.1,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_research/2010-22/"
      },
      {
        "trust": 0.1,
        "url": "http://get.adobe.com/shockwave/"
      },
      {
        "trust": 0.1,
        "url": "http://www.coresecurity.com/content/adobe-director-invalid-read"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_research/2010-20/"
      },
      {
        "trust": 0.1,
        "url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2010-4937.php"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "db": "VULHUB",
        "id": "VHN-43592"
      },
      {
        "db": "BID",
        "id": "40093"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001478"
      },
      {
        "db": "PACKETSTORM",
        "id": "89444"
      },
      {
        "db": "PACKETSTORM",
        "id": "89462"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0987"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-194"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "db": "VULHUB",
        "id": "VHN-43592"
      },
      {
        "db": "BID",
        "id": "40093"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001478"
      },
      {
        "db": "PACKETSTORM",
        "id": "89444"
      },
      {
        "db": "PACKETSTORM",
        "id": "89462"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0987"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-194"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-05-11T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "date": "2010-05-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-43592"
      },
      {
        "date": "2010-05-11T00:00:00",
        "db": "BID",
        "id": "40093"
      },
      {
        "date": "2010-05-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001478"
      },
      {
        "date": "2010-05-12T15:30:12",
        "db": "PACKETSTORM",
        "id": "89444"
      },
      {
        "date": "2010-05-13T07:29:48",
        "db": "PACKETSTORM",
        "id": "89462"
      },
      {
        "date": "2010-05-13T17:30:01.953000",
        "db": "NVD",
        "id": "CVE-2010-0987"
      },
      {
        "date": "2010-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201005-194"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-03-06T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-43592"
      },
      {
        "date": "2010-05-12T18:02:00",
        "db": "BID",
        "id": "40093"
      },
      {
        "date": "2010-05-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001478"
      },
      {
        "date": "2022-11-03T17:38:37.420000",
        "db": "NVD",
        "id": "CVE-2010-0987"
      },
      {
        "date": "2022-04-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201005-194"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-194"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Adobe Shockwave Player Heap-based buffer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001478"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-194"
      }
    ],
    "trust": 0.6
  }
}

gsd-2010-0987

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.

Aliases

CVE-2010-0987

Aliases

CVE-2010-0987

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-0987",
    "description": "Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.",
    "id": "GSD-2010-0987"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0987"
      ],
      "details": "Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.",
      "id": "GSD-2010-0987",
      "modified": "2023-12-13T01:21:28.863355Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
        "ID": "CVE-2010-0987",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "38751",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38751"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
          },
          {
            "name": "http://secunia.com/secunia_research/2010-50/",
            "refsource": "MISC",
            "url": "http://secunia.com/secunia_research/2010-50/"
          },
          {
            "name": "ADV-2010-1128",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/1128"
          },
          {
            "name": "20100512 Secunia Research: Adobe Shockwave Player Font Processing Buffer Overflow",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/511265/100/0/threaded"
          },
          {
            "name": "40093",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/40093"
          },
          {
            "name": "oval:org.mitre.oval:def:7052",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7052"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.5.7.609",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2010-0987"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
            },
            {
              "name": "http://secunia.com/secunia_research/2010-50/",
              "refsource": "MISC",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/secunia_research/2010-50/"
            },
            {
              "name": "38751",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/38751"
            },
            {
              "name": "ADV-2010-1128",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1128"
            },
            {
              "name": "40093",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/40093"
            },
            {
              "name": "oval:org.mitre.oval:def:7052",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7052"
            },
            {
              "name": "20100512 Secunia Research: Adobe Shockwave Player Font Processing Buffer Overflow",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/511265/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-11-03T17:38Z",
      "publishedDate": "2010-05-13T17:30Z"
    }
  }
}

CVE-2010-0987

Vulnerability from fkie_nvd

Published

2010-05-13 17:30

Modified

2024-11-21 01:13

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.

References

URL	Tags
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/38751	Not Applicable
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2010-50/	Not Applicable
PSIRT-CNA@flexerasoftware.com	http://www.adobe.com/support/security/bulletins/apsb10-12.html	Patch, Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/511265/100/0/threaded	Third Party Advisory, VDB Entry
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/bid/40093	Third Party Advisory, VDB Entry
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2010/1128	Permissions Required
PSIRT-CNA@flexerasoftware.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7052	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38751	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2010-50/	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb10-12.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/511265/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/40093	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1128	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7052	Third Party Advisory

Impacted products

Vendor	Product	Version
adobe	shockwave_player	*
apple	macos	*
microsoft	windows	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A79D960-7961-4737-B69E-C070DA62C9AD",
              "versionEndExcluding": "11.5.7.609",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C56F007-5F8E-4BDD-A803-C907BCC0AF55",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en Adobe Shockwave Player en versiones anteriores a la 11.5.7.609 puede permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante fuentes manipuladas embebidas  en un fichero Shockwave."
    }
  ],
  "id": "CVE-2010-0987",
  "lastModified": "2024-11-21T01:13:21.710",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2010-05-13T17:30:01.953",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/38751"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/secunia_research/2010-50/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/511265/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/40093"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1128"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/38751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/secunia_research/2010-50/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/511265/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/40093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7052"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-0987

Vulnerability from cvelistv5

ghsa-7rqr-xjw8-v6q2

Vulnerability from github

var-201005-0085

Vulnerability from variot

gsd-2010-0987

Vulnerability from gsd

CVE-2010-0987

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature