Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2010-AVI-400
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités dans Adobe Shockwave Player permettent l'exécution de code arbitraire à distance.
Description
De multiples vulnérabilités ont été découvertes dans Adobe Shockwave Player. Celles-ci permettent l'exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Adobe Shockwave Player versions 11.5.7.609 et antérieures pour Windows et Mac OS.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003eAdobe Shockwave Player\u003c/SPAN\u003e versions 11.5.7.609 et ant\u00e9rieures pour Windows et Mac OS.\u003c/P\u003e",
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Adobe Shockwave\nPlayer. Celles-ci permettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-2865",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2865"
},
{
"name": "CVE-2010-2876",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2876"
},
{
"name": "CVE-2010-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2879"
},
{
"name": "CVE-2010-2882",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2882"
},
{
"name": "CVE-2010-2875",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2875"
},
{
"name": "CVE-2010-2866",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2866"
},
{
"name": "CVE-2010-2878",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2878"
},
{
"name": "CVE-2010-2872",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2872"
},
{
"name": "CVE-2010-2873",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2873"
},
{
"name": "CVE-2010-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2867"
},
{
"name": "CVE-2010-2874",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2874"
},
{
"name": "CVE-2010-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2877"
},
{
"name": "CVE-2010-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2869"
},
{
"name": "CVE-2010-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2868"
},
{
"name": "CVE-2010-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2870"
},
{
"name": "CVE-2010-2881",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2881"
},
{
"name": "CVE-2010-2863",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2863"
},
{
"name": "CVE-2010-2864",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2864"
},
{
"name": "CVE-2010-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2880"
},
{
"name": "CVE-2010-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2871"
}
],
"links": [],
"reference": "CERTA-2010-AVI-400",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-08-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eAdobe Shockwave\nPlayer\u003c/span\u003e permettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Shockwave Player",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB10-20 du 24 ao\u00fbt 2010",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
}
]
}
CVE-2010-2873 (GCVE-0-2010-2873)
Vulnerability from cvelistv5 – Published: 2010-08-26 20:00 – Updated: 2024-08-07 02:46
VLAI
EPSS
Summary
Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1024361 | vdb-entryx_refsource_SECTRACK |
| http://www.adobe.com/support/security/bulletins/a… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.securityfocus.com/archive/1/513307/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.zerodayinitiative.com/advisories/ZDI-10-162 | x_refsource_MISC |
| http://www.securityfocus.com/bid/42682 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2010/2176 | vdb-entryx_refsource_VUPEN |
Date Public
2010-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:12042",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12042"
},
{
"name": "20100824 ZDI-10-162: Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513307/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-162"
},
{
"name": "42682",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42682"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:12042",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12042"
},
{
"name": "20100824 ZDI-10-162: Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513307/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-162"
},
{
"name": "42682",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42682"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024361"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:12042",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12042"
},
{
"name": "20100824 ZDI-10-162: Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513307/100/0/threaded"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-162",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-162"
},
{
"name": "42682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42682"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-2873",
"datePublished": "2010-08-26T20:00:00.000Z",
"dateReserved": "2010-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:46:48.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2874 (GCVE-0-2010-2874)
Vulnerability from cvelistv5 – Published: 2010-09-07 17:00 – Updated: 2024-08-07 02:46
VLAI
EPSS
Summary
Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting information and use of the same CVE identifier by the vendor, ZDI, and TippingPoint, it is not clear whether this issue is related to use of an uninitialized pointer, an incorrect pointer offset calculation, or both.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1024361 | vdb-entryx_refsource_SECTRACK |
| http://www.adobe.com/support/security/bulletins/a… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.vupen.com/english/advisories/2010/2176 | vdb-entryx_refsource_VUPEN |
Date Public
2010-08-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:11924",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11924"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting information and use of the same CVE identifier by the vendor, ZDI, and TippingPoint, it is not clear whether this issue is related to use of an uninitialized pointer, an incorrect pointer offset calculation, or both."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:11924",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11924"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting information and use of the same CVE identifier by the vendor, ZDI, and TippingPoint, it is not clear whether this issue is related to use of an uninitialized pointer, an incorrect pointer offset calculation, or both."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024361"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:11924",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11924"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-2874",
"datePublished": "2010-09-07T17:00:00.000Z",
"dateReserved": "2010-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:46:48.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2875 (GCVE-0-2010-2875)
Vulnerability from cvelistv5 – Published: 2010-08-26 20:00 – Updated: 2024-08-07 02:46
VLAI
EPSS
Summary
Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1024361 | vdb-entryx_refsource_SECTRACK |
| http://www.adobe.com/support/security/bulletins/a… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.vupen.com/english/advisories/2010/2176 | vdb-entryx_refsource_VUPEN |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
Date Public
2010-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:11521",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11521"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
},
{
"name": "20100824 Adobe Shockwave Player Memory Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=878"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:11521",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11521"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
},
{
"name": "20100824 Adobe Shockwave Player Memory Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=878"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024361"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:11521",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11521"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
},
{
"name": "20100824 Adobe Shockwave Player Memory Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=878"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-2875",
"datePublished": "2010-08-26T20:00:00.000Z",
"dateReserved": "2010-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:46:48.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2876 (GCVE-0-2010-2876)
Vulnerability from cvelistv5 – Published: 2010-08-26 20:00 – Updated: 2024-08-07 02:46
VLAI
EPSS
Summary
Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/513312/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securitytracker.com/id?1024361 | vdb-entryx_refsource_SECTRACK |
| http://www.adobe.com/support/security/bulletins/a… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.zerodayinitiative.com/advisories/ZDI-10-164 | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2010/2176 | vdb-entryx_refsource_VUPEN |
Date Public
2010-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100824 ZDI-10-164: Adobe Shockwave Player Director File FFFFFF88 Record Processing Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513312/100/0/threaded"
},
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:11805",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11805"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-164"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "20100824 ZDI-10-164: Adobe Shockwave Player Director File FFFFFF88 Record Processing Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513312/100/0/threaded"
},
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:11805",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11805"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-164"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100824 ZDI-10-164: Adobe Shockwave Player Director File FFFFFF88 Record Processing Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513312/100/0/threaded"
},
{
"name": "1024361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024361"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:11805",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11805"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-164",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-164"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-2876",
"datePublished": "2010-08-26T20:00:00.000Z",
"dateReserved": "2010-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:46:48.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2877 (GCVE-0-2010-2877)
Vulnerability from cvelistv5 – Published: 2010-08-26 20:00 – Updated: 2024-08-07 02:46
VLAI
EPSS
Summary
Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1024361 | vdb-entryx_refsource_SECTRACK |
| http://www.adobe.com/support/security/bulletins/a… | x_refsource_CONFIRM |
| http://dvlabs.tippingpoint.com/advisory/TPTI-10-09 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/513296/100… | mailing-listx_refsource_BUGTRAQ |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.vupen.com/english/advisories/2010/2176 | vdb-entryx_refsource_VUPEN |
Date Public
2010-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-09"
},
{
"name": "20100824 TPTI-10-09: Adobe Shockwave CSWV Chunk Memory Corruption Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513296/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:11895",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11895"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-09"
},
{
"name": "20100824 TPTI-10-09: Adobe Shockwave CSWV Chunk Memory Corruption Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513296/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:11895",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11895"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024361"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-09",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-09"
},
{
"name": "20100824 TPTI-10-09: Adobe Shockwave CSWV Chunk Memory Corruption Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513296/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:11895",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11895"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-2877",
"datePublished": "2010-08-26T20:00:00.000Z",
"dateReserved": "2010-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:46:48.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2878 (GCVE-0-2010-2878)
Vulnerability from cvelistv5 – Published: 2010-08-26 20:00 – Updated: 2024-08-07 02:46
VLAI
EPSS
Summary
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1024361 | vdb-entryx_refsource_SECTRACK |
| http://www.adobe.com/support/security/bulletins/a… | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/513298/100… | mailing-listx_refsource_BUGTRAQ |
| http://dvlabs.tippingpoint.com/advisory/TPTI-10-10 | x_refsource_MISC |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.vupen.com/english/advisories/2010/2176 | vdb-entryx_refsource_VUPEN |
Date Public
2010-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "20100824 TPTI-10-10: Adobe Shockwave tSAC Chunk Invalid Seek Memory Corruption Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513298/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-10"
},
{
"name": "oval:org.mitre.oval:def:11883",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11883"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "20100824 TPTI-10-10: Adobe Shockwave tSAC Chunk Invalid Seek Memory Corruption Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513298/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-10"
},
{
"name": "oval:org.mitre.oval:def:11883",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11883"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024361"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "20100824 TPTI-10-10: Adobe Shockwave tSAC Chunk Invalid Seek Memory Corruption Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513298/100/0/threaded"
},
{
"name": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-10",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-10"
},
{
"name": "oval:org.mitre.oval:def:11883",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11883"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-2878",
"datePublished": "2010-08-26T20:00:00.000Z",
"dateReserved": "2010-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:46:48.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2879 (GCVE-0-2010-2879)
Vulnerability from cvelistv5 – Published: 2010-08-26 20:00 – Updated: 2024-08-07 02:46
VLAI
EPSS
Summary
Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count or (2) element size value in a file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1024361 | vdb-entryx_refsource_SECTRACK |
| http://www.adobe.com/support/security/bulletins/a… | x_refsource_CONFIRM |
| http://dvlabs.tippingpoint.com/advisory/TPTI-10-12 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/513300/100… | mailing-listx_refsource_BUGTRAQ |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.vupen.com/english/advisories/2010/2176 | vdb-entryx_refsource_VUPEN |
Date Public
2010-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-12"
},
{
"name": "20100824 TPTI-10-12: Adobe Shockwave TextXtra Allocator Integer Overflow Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513300/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:11998",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11998"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count or (2) element size value in a file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-12"
},
{
"name": "20100824 TPTI-10-12: Adobe Shockwave TextXtra Allocator Integer Overflow Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513300/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:11998",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11998"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count or (2) element size value in a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024361"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-12",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-12"
},
{
"name": "20100824 TPTI-10-12: Adobe Shockwave TextXtra Allocator Integer Overflow Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513300/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:11998",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11998"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-2879",
"datePublished": "2010-08-26T20:00:00.000Z",
"dateReserved": "2010-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:46:48.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2880 (GCVE-0-2010-2880)
Vulnerability from cvelistv5 – Published: 2010-08-26 20:00 – Updated: 2024-08-07 02:46
VLAI
EPSS
Summary
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x47 of a certain file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1024361 | vdb-entryx_refsource_SECTRACK |
| http://www.adobe.com/support/security/bulletins/a… | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/513331/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2010/2176 | vdb-entryx_refsource_VUPEN |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
Date Public
2010-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "20100825 Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2880",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513331/100/0/threaded"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
},
{
"name": "oval:org.mitre.oval:def:12012",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x47 of a certain file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "20100825 Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2880",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513331/100/0/threaded"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
},
{
"name": "oval:org.mitre.oval:def:12012",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12012"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x47 of a certain file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024361"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "20100825 Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2880",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513331/100/0/threaded"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
},
{
"name": "oval:org.mitre.oval:def:12012",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-2880",
"datePublished": "2010-08-26T20:00:00.000Z",
"dateReserved": "2010-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:46:48.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2881 (GCVE-0-2010-2881)
Vulnerability from cvelistv5 – Published: 2010-08-26 20:00 – Updated: 2024-08-07 02:46
VLAI
EPSS
Summary
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a certain file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1024361 | vdb-entryx_refsource_SECTRACK |
| http://www.adobe.com/support/security/bulletins/a… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.securityfocus.com/archive/1/513328/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2010/2176 | vdb-entryx_refsource_VUPEN |
Date Public
2010-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:11614",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11614"
},
{
"name": "20100825 Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2881",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513328/100/0/threaded"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a certain file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:11614",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11614"
},
{
"name": "20100825 Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2881",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513328/100/0/threaded"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a certain file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024361"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:11614",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11614"
},
{
"name": "20100825 Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2881",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513328/100/0/threaded"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-2881",
"datePublished": "2010-08-26T20:00:00.000Z",
"dateReserved": "2010-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:46:48.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2882 (GCVE-0-2010-2882)
Vulnerability from cvelistv5 – Published: 2010-08-26 20:00 – Updated: 2024-08-07 02:46
VLAI
EPSS
Summary
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3812 of a certain file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1024361 | vdb-entryx_refsource_SECTRACK |
| http://www.adobe.com/support/security/bulletins/a… | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.securityfocus.com/archive/1/513339/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2010/2176 | vdb-entryx_refsource_VUPEN |
Date Public
2010-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:12069",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12069"
},
{
"name": "20100825 Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2882",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513339/100/0/threaded"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3812 of a certain file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1024361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024361"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:12069",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12069"
},
{
"name": "20100825 Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2882",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513339/100/0/threaded"
},
{
"name": "ADV-2010-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3812 of a certain file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024361"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:12069",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12069"
},
{
"name": "20100825 Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2882",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513339/100/0/threaded"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-2882",
"datePublished": "2010-08-26T20:00:00.000Z",
"dateReserved": "2010-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:46:48.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…