cvelistv5 - cve-2010-4188

CVE-2010-4188 (GCVE-0-2010-4188)

Vulnerability from cvelistv5 – Published: 2011-02-10 15:00 – Updated: 2024-08-07 03:34

Summary

The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk with a size field of 0, which is used in the calculation of a file offset and causes invalid data to be used as a loop counter, triggering a heap-based buffer overflow, a different vulnerability than CVE-2010-2587 and CVE-2010-2588.

Severity ?

No CVSS data available.

CWE

Assigner

adobe

References

URL

Tags

	http://www.vupen.com/english/advisories/2011/0335	vdb-entryx_refsource_VUPEN
	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/46319	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id?1025056	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/516332/100…	mailing-listx_refsource_BUGTRAQ
	http://dvlabs.tippingpoint.com/advisory/TPTI-11-01	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:34:37.536Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0335",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0335"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
          },
          {
            "name": "46319",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46319"
          },
          {
            "name": "1025056",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025056"
          },
          {
            "name": "20110209 TPTI-11-01: Adobe Shockwave dirapi.dll IFWV Trusted Offset Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516332/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk with a size field of 0, which is used in the calculation of a file offset and causes invalid data to be used as a loop counter, triggering a heap-based buffer overflow, a different vulnerability than CVE-2010-2587 and CVE-2010-2588."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "ADV-2011-0335",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0335"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
        },
        {
          "name": "46319",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46319"
        },
        {
          "name": "1025056",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025056"
        },
        {
          "name": "20110209 TPTI-11-01: Adobe Shockwave dirapi.dll IFWV Trusted Offset Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516332/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-4188",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk with a size field of 0, which is used in the calculation of a file offset and causes invalid data to be used as a loop counter, triggering a heap-based buffer overflow, a different vulnerability than CVE-2010-2587 and CVE-2010-2588."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-0335",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0335"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb11-01.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
            },
            {
              "name": "46319",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46319"
            },
            {
              "name": "1025056",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025056"
            },
            {
              "name": "20110209 TPTI-11-01: Adobe Shockwave dirapi.dll IFWV Trusted Offset Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516332/100/0/threaded"
            },
            {
              "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-01",
              "refsource": "MISC",
              "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2010-4188",
    "datePublished": "2011-02-10T15:00:00",
    "dateReserved": "2010-11-05T00:00:00",
    "dateUpdated": "2024-08-07T03:34:37.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"11.5.9.615\", \"matchCriteriaId\": \"1601F8CE-9D13-473A-AABA-C76C96C87679\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA5643BC-12F8-4F05-A363-9FC97EF1DD0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"085FA7DD-8048-4768-816C-82828022FCF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0DC258D-1C2B-4A7F-AD80-6C88A7A78A5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"966A8542-E5E1-468F-989E-47F71123A426\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DC1BCC0-B24B-4CFC-B3B9-FA3B0D968CC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFFDAAB3-CC22-4604-80B3-4A54CCEFD29E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A77F1733-6755-44E7-8ECC-CFB397FC79A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9282EC1A-DFDB-49A9-8BE1-013D9B494D99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4A8422D-39E4-490C-B3EC-FED7468D6B4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88A75AF4-F7BA-4CA4-8079-5D9794E1BD45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"712325E1-B37A-4994-B42E-F02553A3CB9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC55CB2C-4DBC-4D16-96A7-FB3316A21D51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FADB5808-5F9A-4FBD-A6FC-3DB17A6C6CF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFC415B5-F7C8-4277-A4A3-ECFA2CB38515\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3454FF46-3D72-4FF9-AF5B-2E948DA412D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4726504-850B-4434-A149-09000D21F917\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6D89450-C92C-4541-917B-AD047803A2AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"798EB26B-14D6-4E90-AC84-FF47B89B82E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA562619-7FAA-4FA6-AE42-55801AF00D9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA961FB2-C543-4A1C-9C9E-C56641EB13FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17F5982F-35BD-49A0-9DBE-774816136D57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56D23F59-4939-4ABE-A5BC-283BFC362E45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE1DB962-10C6-4536-B693-4AF59F0C4D94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA60B4FB-2BA4-4304-A7B8-8F0676C4F022\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7D6B993-1CF8-4944-8456-B99A72F24814\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D18289BB-6568-4671-BC70-C8744DD2E0C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD29AACC-E101-494B-BFD4-D97FDBE4A584\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F52120E-9CAB-40D9-A577-5D8278139F50\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AAB05A7D-3017-4589-AE5C-B1A377AF02B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58C665F7-E05D-4A8C-B217-6689C95D3FF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8441B2BB-3837-4EDE-B44E-323B434CBF56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2007F032-06BA-4347-9D9E-2C7C4C9BBCD0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF19CBB1-F047-4472-A19D-48A147396383\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C51EB3CF-6770-4626-BDA7-9ED94A374911\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C61B9485-2A42-4C95-9A10-3F1102E4EBBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79FEEF7E-B477-485A-B9BC-98F6D1A2B10B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4FE4A01-9357-46D9-9BCB-DF2B4DECD9B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B9506D5-D8CA-4845-B2FA-0E47C9BB3C1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FBAFFFF-D658-45F0-AF14-BA29AA2D5394\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BFB28F3-ADA5-4BD1-9723-73FA291307BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9760A554-1D44-4249-97DE-8423A97BA9FB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk with a size field of 0, which is used in the calculation of a file offset and causes invalid data to be used as a loop counter, triggering a heap-based buffer overflow, a different vulnerability than CVE-2010-2587 and CVE-2010-2588.\"}, {\"lang\": \"es\", \"value\": \"El m\\u00f3dulo dirapi.dll de Shockwave Player de Adobe anterior a versi\\u00f3n 11.5.9.620, permite a los atacantes ejecutar c\\u00f3digo arbitrario o causar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de memoria) por medio de una pel\\u00edcula Director con un fragmento IFWV con un campo de tama\\u00f1o 0, que es usado en el c\\u00e1lculo de un desplazamiento de archivo y causa que los datos no v\\u00e1lidos sean usados como un contador de bucle, desencadenando un desbordamiento de b\\u00fafer en la regi\\u00f3n heap de la memoria, una vulnerabilidad diferente de CVE-2010-2587 y CVE-2010-2588.\"}]",
      "id": "CVE-2010-4188",
      "lastModified": "2024-11-21T01:20:24.380",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-02-10T16:00:12.863",
      "references": "[{\"url\": \"http://dvlabs.tippingpoint.com/advisory/TPTI-11-01\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb11-01.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/516332/100/0/threaded\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.securityfocus.com/bid/46319\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.securitytracker.com/id?1025056\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0335\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://dvlabs.tippingpoint.com/advisory/TPTI-11-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb11-01.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/516332/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/46319\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1025056\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0335\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@adobe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-4188\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2011-02-10T16:00:12.863\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk with a size field of 0, which is used in the calculation of a file offset and causes invalid data to be used as a loop counter, triggering a heap-based buffer overflow, a different vulnerability than CVE-2010-2587 and CVE-2010-2588.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dulo dirapi.dll de Shockwave Player de Adobe anterior a versi\u00f3n 11.5.9.620, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) por medio de una pel\u00edcula Director con un fragmento IFWV con un campo de tama\u00f1o 0, que es usado en el c\u00e1lculo de un desplazamiento de archivo y causa que los datos no v\u00e1lidos sean usados como un contador de bucle, desencadenando un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria, una vulnerabilidad diferente de CVE-2010-2587 y CVE-2010-2588.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"11.5.9.615\",\"matchCriteriaId\":\"1601F8CE-9D13-473A-AABA-C76C96C87679\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA5643BC-12F8-4F05-A363-9FC97EF1DD0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"085FA7DD-8048-4768-816C-82828022FCF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0DC258D-1C2B-4A7F-AD80-6C88A7A78A5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"966A8542-E5E1-468F-989E-47F71123A426\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DC1BCC0-B24B-4CFC-B3B9-FA3B0D968CC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFFDAAB3-CC22-4604-80B3-4A54CCEFD29E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A77F1733-6755-44E7-8ECC-CFB397FC79A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9282EC1A-DFDB-49A9-8BE1-013D9B494D99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4A8422D-39E4-490C-B3EC-FED7468D6B4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88A75AF4-F7BA-4CA4-8079-5D9794E1BD45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"712325E1-B37A-4994-B42E-F02553A3CB9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC55CB2C-4DBC-4D16-96A7-FB3316A21D51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FADB5808-5F9A-4FBD-A6FC-3DB17A6C6CF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFC415B5-F7C8-4277-A4A3-ECFA2CB38515\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3454FF46-3D72-4FF9-AF5B-2E948DA412D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4726504-850B-4434-A149-09000D21F917\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6D89450-C92C-4541-917B-AD047803A2AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"798EB26B-14D6-4E90-AC84-FF47B89B82E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA562619-7FAA-4FA6-AE42-55801AF00D9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA961FB2-C543-4A1C-9C9E-C56641EB13FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F5982F-35BD-49A0-9DBE-774816136D57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56D23F59-4939-4ABE-A5BC-283BFC362E45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE1DB962-10C6-4536-B693-4AF59F0C4D94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA60B4FB-2BA4-4304-A7B8-8F0676C4F022\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7D6B993-1CF8-4944-8456-B99A72F24814\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D18289BB-6568-4671-BC70-C8744DD2E0C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD29AACC-E101-494B-BFD4-D97FDBE4A584\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F52120E-9CAB-40D9-A577-5D8278139F50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAB05A7D-3017-4589-AE5C-B1A377AF02B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58C665F7-E05D-4A8C-B217-6689C95D3FF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8441B2BB-3837-4EDE-B44E-323B434CBF56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2007F032-06BA-4347-9D9E-2C7C4C9BBCD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF19CBB1-F047-4472-A19D-48A147396383\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C51EB3CF-6770-4626-BDA7-9ED94A374911\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C61B9485-2A42-4C95-9A10-3F1102E4EBBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79FEEF7E-B477-485A-B9BC-98F6D1A2B10B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4FE4A01-9357-46D9-9BCB-DF2B4DECD9B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B9506D5-D8CA-4845-B2FA-0E47C9BB3C1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FBAFFFF-D658-45F0-AF14-BA29AA2D5394\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BFB28F3-ADA5-4BD1-9723-73FA291307BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9760A554-1D44-4249-97DE-8423A97BA9FB\"}]}]}],\"references\":[{\"url\":\"http://dvlabs.tippingpoint.com/advisory/TPTI-11-01\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb11-01.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/516332/100/0/threaded\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.securityfocus.com/bid/46319\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.securitytracker.com/id?1025056\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0335\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://dvlabs.tippingpoint.com/advisory/TPTI-11-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb11-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/516332/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/46319\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025056\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0335\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-2RC6-M8FX-55W4

Vulnerability from github – Published: 2022-05-14 02:42 – Updated: 2022-05-14 02:42

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-4188"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-02-10T16:00:00Z",
    "severity": "HIGH"
  },
  "details": "The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk with a size field of 0, which is used in the calculation of a file offset and causes invalid data to be used as a loop counter, triggering a heap-based buffer overflow, a different vulnerability than CVE-2010-2587 and CVE-2010-2588.",
  "id": "GHSA-2rc6-m8fx-55w4",
  "modified": "2022-05-14T02:42:46Z",
  "published": "2022-05-14T02:42:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4188"
    },
    {
      "type": "WEB",
      "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-01"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/516332/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/46319"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025056"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0335"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2010-4188

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-4188

Aliases

CVE-2010-4188

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-4188",
    "description": "The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk with a size field of 0, which is used in the calculation of a file offset and causes invalid data to be used as a loop counter, triggering a heap-based buffer overflow, a different vulnerability than CVE-2010-2587 and CVE-2010-2588.",
    "id": "GSD-2010-4188"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-4188"
      ],
      "details": "The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk with a size field of 0, which is used in the calculation of a file offset and causes invalid data to be used as a loop counter, triggering a heap-based buffer overflow, a different vulnerability than CVE-2010-2587 and CVE-2010-2588.",
      "id": "GSD-2010-4188",
      "modified": "2023-12-13T01:21:30.540186Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2010-4188",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk with a size field of 0, which is used in the calculation of a file offset and causes invalid data to be used as a loop counter, triggering a heap-based buffer overflow, a different vulnerability than CVE-2010-2587 and CVE-2010-2588."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2011-0335",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0335"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb11-01.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
          },
          {
            "name": "46319",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/46319"
          },
          {
            "name": "1025056",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025056"
          },
          {
            "name": "20110209 TPTI-11-01: Adobe Shockwave dirapi.dll IFWV Trusted Offset Remote Code Execution Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/516332/100/0/threaded"
          },
          {
            "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-01",
            "refsource": "MISC",
            "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.5.9.615",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-4188"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk with a size field of 0, which is used in the calculation of a file offset and causes invalid data to be used as a loop counter, triggering a heap-based buffer overflow, a different vulnerability than CVE-2010-2587 and CVE-2010-2588."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb11-01.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
            },
            {
              "name": "1025056",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1025056"
            },
            {
              "name": "46319",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/46319"
            },
            {
              "name": "ADV-2011-0335",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0335"
            },
            {
              "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-01",
              "refsource": "MISC",
              "tags": [],
              "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-01"
            },
            {
              "name": "20110209 TPTI-11-01: Adobe Shockwave dirapi.dll IFWV Trusted Offset Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/516332/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-10T20:07Z",
      "publishedDate": "2011-02-10T16:00Z"
    }
  }
}

CERTA-2011-AVI-075

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Adobe Shockwave Player. Elles permettent toutes l'exécution de code arbitraire à distance.

Description

Les 21 vulnérabilités concernées affectent différents modules de Adobe Shockwave Player, par exemple la gestion de polices de caractère, ou l'affichage en trois dimensions et permettent toutes l'exécution de code arbitraire à distance. Une personne malveillante peut les exploiter avec un fichier Shockwave spécialement conçu, qui sera ouvert par la victime.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Adobe Shockwave Player 11.5.9.615 et versions précédentes pour systèmes Windows et Macintosh.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsb-01 du 8 février 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eAdobe Shockwave Player 11.5.9.615 et versions pr\u00e9c\u00e9dentes pour  syst\u00e8mes Windows et Macintosh.\u003c/P\u003e",
  "content": "## Description\n\nLes 21 vuln\u00e9rabilit\u00e9s concern\u00e9es affectent diff\u00e9rents modules de Adobe\nShockwave Player, par exemple la gestion de polices de caract\u00e8re, ou\nl\u0027affichage en trois dimensions et permettent toutes l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance. Une personne malveillante peut les exploiter avec\nun fichier Shockwave sp\u00e9cialement con\u00e7u, qui sera ouvert par la victime.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4189"
    },
    {
      "name": "CVE-2011-0569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0569"
    },
    {
      "name": "CVE-2010-4188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4188"
    },
    {
      "name": "CVE-2010-4194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4194"
    },
    {
      "name": "CVE-2010-2587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2587"
    },
    {
      "name": "CVE-2010-4195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4195"
    },
    {
      "name": "CVE-2010-4306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4306"
    },
    {
      "name": "CVE-2010-4092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4092"
    },
    {
      "name": "CVE-2010-4193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4193"
    },
    {
      "name": "CVE-2010-4192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4192"
    },
    {
      "name": "CVE-2011-0555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0555"
    },
    {
      "name": "CVE-2010-4191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4191"
    },
    {
      "name": "CVE-2010-4196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4196"
    },
    {
      "name": "CVE-2011-0556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0556"
    },
    {
      "name": "CVE-2010-4190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4190"
    },
    {
      "name": "CVE-2010-4307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4307"
    },
    {
      "name": "CVE-2010-2588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2588"
    },
    {
      "name": "CVE-2011-0557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0557"
    },
    {
      "name": "CVE-2010-4093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4093"
    },
    {
      "name": "CVE-2010-4187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4187"
    },
    {
      "name": "CVE-2010-2589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2589"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-075",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Adobe Shockwave\nPlayer. Elles permettent toutes l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Shockwave Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb-01 du 8 f\u00e9vrier 2011",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
    }
  ]
}

CERTA-2011-AVI-075

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Adobe Shockwave Player. Elles permettent toutes l'exécution de code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Adobe Shockwave Player 11.5.9.615 et versions précédentes pour systèmes Windows et Macintosh.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsb-01 du 8 février 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eAdobe Shockwave Player 11.5.9.615 et versions pr\u00e9c\u00e9dentes pour  syst\u00e8mes Windows et Macintosh.\u003c/P\u003e",
  "content": "## Description\n\nLes 21 vuln\u00e9rabilit\u00e9s concern\u00e9es affectent diff\u00e9rents modules de Adobe\nShockwave Player, par exemple la gestion de polices de caract\u00e8re, ou\nl\u0027affichage en trois dimensions et permettent toutes l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance. Une personne malveillante peut les exploiter avec\nun fichier Shockwave sp\u00e9cialement con\u00e7u, qui sera ouvert par la victime.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4189"
    },
    {
      "name": "CVE-2011-0569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0569"
    },
    {
      "name": "CVE-2010-4188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4188"
    },
    {
      "name": "CVE-2010-4194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4194"
    },
    {
      "name": "CVE-2010-2587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2587"
    },
    {
      "name": "CVE-2010-4195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4195"
    },
    {
      "name": "CVE-2010-4306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4306"
    },
    {
      "name": "CVE-2010-4092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4092"
    },
    {
      "name": "CVE-2010-4193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4193"
    },
    {
      "name": "CVE-2010-4192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4192"
    },
    {
      "name": "CVE-2011-0555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0555"
    },
    {
      "name": "CVE-2010-4191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4191"
    },
    {
      "name": "CVE-2010-4196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4196"
    },
    {
      "name": "CVE-2011-0556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0556"
    },
    {
      "name": "CVE-2010-4190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4190"
    },
    {
      "name": "CVE-2010-4307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4307"
    },
    {
      "name": "CVE-2010-2588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2588"
    },
    {
      "name": "CVE-2011-0557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0557"
    },
    {
      "name": "CVE-2010-4093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4093"
    },
    {
      "name": "CVE-2010-4187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4187"
    },
    {
      "name": "CVE-2010-2589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2589"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-075",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Adobe Shockwave\nPlayer. Elles permettent toutes l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Shockwave Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb-01 du 8 f\u00e9vrier 2011",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
    }
  ]
}

FKIE_CVE-2010-4188

Vulnerability from fkie_nvd - Published: 2011-02-10 16:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
psirt@adobe.com	http://dvlabs.tippingpoint.com/advisory/TPTI-11-01
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb11-01.html	Patch, Vendor Advisory
psirt@adobe.com	http://www.securityfocus.com/archive/1/516332/100/0/threaded
psirt@adobe.com	http://www.securityfocus.com/bid/46319
psirt@adobe.com	http://www.securitytracker.com/id?1025056
psirt@adobe.com	http://www.vupen.com/english/advisories/2011/0335	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://dvlabs.tippingpoint.com/advisory/TPTI-11-01
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb11-01.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/516332/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46319
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025056
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0335	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	shockwave_player	*
adobe	shockwave_player	1.0
adobe	shockwave_player	2.0
adobe	shockwave_player	3.0
adobe	shockwave_player	4.0
adobe	shockwave_player	5.0
adobe	shockwave_player	6.0
adobe	shockwave_player	8.0
adobe	shockwave_player	8.0.196
adobe	shockwave_player	8.0.196a
adobe	shockwave_player	8.0.204
adobe	shockwave_player	8.0.205
adobe	shockwave_player	8.5.1
adobe	shockwave_player	8.5.1.100
adobe	shockwave_player	8.5.1.103
adobe	shockwave_player	8.5.1.105
adobe	shockwave_player	8.5.1.106
adobe	shockwave_player	8.5.321
adobe	shockwave_player	8.5.323
adobe	shockwave_player	8.5.324
adobe	shockwave_player	8.5.325
adobe	shockwave_player	9
adobe	shockwave_player	9.0.383
adobe	shockwave_player	9.0.432
adobe	shockwave_player	10.0.0.210
adobe	shockwave_player	10.0.1.004
adobe	shockwave_player	10.1.0.11
adobe	shockwave_player	10.1.0.011
adobe	shockwave_player	10.1.1.016
adobe	shockwave_player	10.1.4.020
adobe	shockwave_player	10.2.0.021
adobe	shockwave_player	10.2.0.022
adobe	shockwave_player	10.2.0.023
adobe	shockwave_player	11.0.0.456
adobe	shockwave_player	11.0.3.471
adobe	shockwave_player	11.5.0.595
adobe	shockwave_player	11.5.0.596
adobe	shockwave_player	11.5.1.601
adobe	shockwave_player	11.5.2.602
adobe	shockwave_player	11.5.6.606
adobe	shockwave_player	11.5.7.609
adobe	shockwave_player	11.5.8.612

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1601F8CE-9D13-473A-AABA-C76C96C87679",
              "versionEndIncluding": "11.5.9.615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA5643BC-12F8-4F05-A363-9FC97EF1DD0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "085FA7DD-8048-4768-816C-82828022FCF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0DC258D-1C2B-4A7F-AD80-6C88A7A78A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "966A8542-E5E1-468F-989E-47F71123A426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DC1BCC0-B24B-4CFC-B3B9-FA3B0D968CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFFDAAB3-CC22-4604-80B3-4A54CCEFD29E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A77F1733-6755-44E7-8ECC-CFB397FC79A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*",
              "matchCriteriaId": "9282EC1A-DFDB-49A9-8BE1-013D9B494D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A8422D-39E4-490C-B3EC-FED7468D6B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*",
              "matchCriteriaId": "88A75AF4-F7BA-4CA4-8079-5D9794E1BD45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*",
              "matchCriteriaId": "712325E1-B37A-4994-B42E-F02553A3CB9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC55CB2C-4DBC-4D16-96A7-FB3316A21D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADB5808-5F9A-4FBD-A6FC-3DB17A6C6CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFC415B5-F7C8-4277-A4A3-ECFA2CB38515",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*",
              "matchCriteriaId": "3454FF46-3D72-4FF9-AF5B-2E948DA412D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4726504-850B-4434-A149-09000D21F917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6D89450-C92C-4541-917B-AD047803A2AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*",
              "matchCriteriaId": "798EB26B-14D6-4E90-AC84-FF47B89B82E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA562619-7FAA-4FA6-AE42-55801AF00D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA961FB2-C543-4A1C-9C9E-C56641EB13FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F5982F-35BD-49A0-9DBE-774816136D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*",
              "matchCriteriaId": "56D23F59-4939-4ABE-A5BC-283BFC362E45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE1DB962-10C6-4536-B693-4AF59F0C4D94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA60B4FB-2BA4-4304-A7B8-8F0676C4F022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7D6B993-1CF8-4944-8456-B99A72F24814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18289BB-6568-4671-BC70-C8744DD2E0C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD29AACC-E101-494B-BFD4-D97FDBE4A584",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F52120E-9CAB-40D9-A577-5D8278139F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAB05A7D-3017-4589-AE5C-B1A377AF02B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C665F7-E05D-4A8C-B217-6689C95D3FF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*",
              "matchCriteriaId": "8441B2BB-3837-4EDE-B44E-323B434CBF56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*",
              "matchCriteriaId": "2007F032-06BA-4347-9D9E-2C7C4C9BBCD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF19CBB1-F047-4472-A19D-48A147396383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*",
              "matchCriteriaId": "C51EB3CF-6770-4626-BDA7-9ED94A374911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*",
              "matchCriteriaId": "C61B9485-2A42-4C95-9A10-3F1102E4EBBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FEEF7E-B477-485A-B9BC-98F6D1A2B10B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4FE4A01-9357-46D9-9BCB-DF2B4DECD9B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B9506D5-D8CA-4845-B2FA-0E47C9BB3C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FBAFFFF-D658-45F0-AF14-BA29AA2D5394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BFB28F3-ADA5-4BD1-9723-73FA291307BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*",
              "matchCriteriaId": "9760A554-1D44-4249-97DE-8423A97BA9FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk with a size field of 0, which is used in the calculation of a file offset and causes invalid data to be used as a loop counter, triggering a heap-based buffer overflow, a different vulnerability than CVE-2010-2587 and CVE-2010-2588."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo dirapi.dll de Shockwave Player de Adobe anterior a versi\u00f3n 11.5.9.620, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) por medio de una pel\u00edcula Director con un fragmento IFWV con un campo de tama\u00f1o 0, que es usado en el c\u00e1lculo de un desplazamiento de archivo y causa que los datos no v\u00e1lidos sean usados como un contador de bucle, desencadenando un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria, una vulnerabilidad diferente de CVE-2010-2587 y CVE-2010-2588."
    }
  ],
  "id": "CVE-2010-4188",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-02-10T16:00:12.863",
  "references": [
    {
      "source": "psirt@adobe.com",
      "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-01"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/archive/1/516332/100/0/threaded"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/bid/46319"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securitytracker.com/id?1025056"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0335"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516332/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0335"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-4188 (GCVE-0-2010-4188)

GHSA-2RC6-M8FX-55W4

GSD-2010-4188

CERTA-2011-AVI-075

Description

Solution

CERTA-2011-AVI-075

Description

Solution

FKIE_CVE-2010-4188

Tags

Sightings

Nomenclature