FKIE_CVE-2010-4087

Vulnerability from fkie_nvd - Published: 2010-10-29 19:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with a crafted mmap record containing an invalid length of a VSWV entry, a different vulnerability than CVE-2010-4089.
References
psirt@adobe.comhttp://www.adobe.com/support/security/bulletins/apsb10-25.htmlPatch, Vendor Advisory
psirt@adobe.comhttp://www.securityfocus.com/archive/1/514581/100/0/threaded
psirt@adobe.comhttp://www.securitytracker.com/id?1024664
psirt@adobe.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12093
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb10-25.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/514581/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1024664
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12093
Impacted products
Vendor Product Version
adobe shockwave_player *
adobe shockwave_player 1.0
adobe shockwave_player 2.0
adobe shockwave_player 3.0
adobe shockwave_player 4.0
adobe shockwave_player 5.0
adobe shockwave_player 6.0
adobe shockwave_player 8.0
adobe shockwave_player 8.0.196
adobe shockwave_player 8.0.196a
adobe shockwave_player 8.0.204
adobe shockwave_player 8.0.205
adobe shockwave_player 8.5.1
adobe shockwave_player 8.5.1.100
adobe shockwave_player 8.5.1.103
adobe shockwave_player 8.5.1.105
adobe shockwave_player 8.5.1.106
adobe shockwave_player 8.5.321
adobe shockwave_player 8.5.323
adobe shockwave_player 8.5.324
adobe shockwave_player 8.5.325
adobe shockwave_player 9
adobe shockwave_player 9.0.383
adobe shockwave_player 9.0.432
adobe shockwave_player 10.0.0.210
adobe shockwave_player 10.0.1.004
adobe shockwave_player 10.1.0.11
adobe shockwave_player 10.1.0.011
adobe shockwave_player 10.1.1.016
adobe shockwave_player 10.1.4.020
adobe shockwave_player 10.2.0.021
adobe shockwave_player 10.2.0.022
adobe shockwave_player 10.2.0.023
adobe shockwave_player 11.0.0.456
adobe shockwave_player 11.0.3.471
adobe shockwave_player 11.5.0.595
adobe shockwave_player 11.5.0.596
adobe shockwave_player 11.5.1.601
adobe shockwave_player 11.5.2.602
adobe shockwave_player 11.5.6.606
adobe shockwave_player 11.5.7.609
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D71F810E-F23E-45FF-94F9-14D09490D018",
              "versionEndIncluding": "11.5.8.612",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA5643BC-12F8-4F05-A363-9FC97EF1DD0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "085FA7DD-8048-4768-816C-82828022FCF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0DC258D-1C2B-4A7F-AD80-6C88A7A78A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "966A8542-E5E1-468F-989E-47F71123A426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DC1BCC0-B24B-4CFC-B3B9-FA3B0D968CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFFDAAB3-CC22-4604-80B3-4A54CCEFD29E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A77F1733-6755-44E7-8ECC-CFB397FC79A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*",
              "matchCriteriaId": "9282EC1A-DFDB-49A9-8BE1-013D9B494D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A8422D-39E4-490C-B3EC-FED7468D6B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*",
              "matchCriteriaId": "88A75AF4-F7BA-4CA4-8079-5D9794E1BD45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*",
              "matchCriteriaId": "712325E1-B37A-4994-B42E-F02553A3CB9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC55CB2C-4DBC-4D16-96A7-FB3316A21D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADB5808-5F9A-4FBD-A6FC-3DB17A6C6CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFC415B5-F7C8-4277-A4A3-ECFA2CB38515",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*",
              "matchCriteriaId": "3454FF46-3D72-4FF9-AF5B-2E948DA412D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4726504-850B-4434-A149-09000D21F917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6D89450-C92C-4541-917B-AD047803A2AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*",
              "matchCriteriaId": "798EB26B-14D6-4E90-AC84-FF47B89B82E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA562619-7FAA-4FA6-AE42-55801AF00D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA961FB2-C543-4A1C-9C9E-C56641EB13FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F5982F-35BD-49A0-9DBE-774816136D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*",
              "matchCriteriaId": "56D23F59-4939-4ABE-A5BC-283BFC362E45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE1DB962-10C6-4536-B693-4AF59F0C4D94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA60B4FB-2BA4-4304-A7B8-8F0676C4F022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7D6B993-1CF8-4944-8456-B99A72F24814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18289BB-6568-4671-BC70-C8744DD2E0C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD29AACC-E101-494B-BFD4-D97FDBE4A584",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F52120E-9CAB-40D9-A577-5D8278139F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAB05A7D-3017-4589-AE5C-B1A377AF02B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C665F7-E05D-4A8C-B217-6689C95D3FF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*",
              "matchCriteriaId": "8441B2BB-3837-4EDE-B44E-323B434CBF56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*",
              "matchCriteriaId": "2007F032-06BA-4347-9D9E-2C7C4C9BBCD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF19CBB1-F047-4472-A19D-48A147396383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*",
              "matchCriteriaId": "C51EB3CF-6770-4626-BDA7-9ED94A374911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*",
              "matchCriteriaId": "C61B9485-2A42-4C95-9A10-3F1102E4EBBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FEEF7E-B477-485A-B9BC-98F6D1A2B10B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4FE4A01-9357-46D9-9BCB-DF2B4DECD9B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B9506D5-D8CA-4845-B2FA-0E47C9BB3C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FBAFFFF-D658-45F0-AF14-BA29AA2D5394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BFB28F3-ADA5-4BD1-9723-73FA291307BD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with a crafted mmap record containing an invalid length of a VSWV entry, a different vulnerability than CVE-2010-4089."
    },
    {
      "lang": "es",
      "value": "La biblioteca IML32.dll en Shockwave Player de Adobe anterior a versi\u00f3n 11.5.9.615, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) por medio de un archivo .dir con un registro mmap especialmente dise\u00f1ado que contiene una longitud no v\u00e1lida de una entrada VSWV, una vulnerabilidad diferente de CVE-2010-4089."
    }
  ],
  "id": "CVE-2010-4087",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-10-29T19:00:02.403",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/archive/1/514581/100/0/threaded"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securitytracker.com/id?1024664"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/514581/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12093"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.