FKIE_CVE-2010-4190

Vulnerability from fkie_nvd - Published: 2011-02-10 16:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted CSWV RIFF chunk that causes an incorrect calculation of an offset for a substructure, which causes an out-of-bounds "seek" of heap memory, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306.
References
psirt@adobe.comhttp://www.adobe.com/support/security/bulletins/apsb11-01.htmlPatch, Vendor Advisory
psirt@adobe.comhttp://www.securityfocus.com/archive/1/516324/100/0/threaded
psirt@adobe.comhttp://www.securityfocus.com/bid/46324
psirt@adobe.comhttp://www.securitytracker.com/id?1025056
psirt@adobe.comhttp://www.vupen.com/english/advisories/2011/0335Vendor Advisory
psirt@adobe.comhttp://www.zerodayinitiative.com/advisories/ZDI-11-080/
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb11-01.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/516324/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/46324
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025056
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0335Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-11-080/
Impacted products
Vendor Product Version
adobe shockwave_player *
adobe shockwave_player 1.0
adobe shockwave_player 2.0
adobe shockwave_player 3.0
adobe shockwave_player 4.0
adobe shockwave_player 5.0
adobe shockwave_player 6.0
adobe shockwave_player 8.0
adobe shockwave_player 8.0.196
adobe shockwave_player 8.0.196a
adobe shockwave_player 8.0.204
adobe shockwave_player 8.0.205
adobe shockwave_player 8.5.1
adobe shockwave_player 8.5.1.100
adobe shockwave_player 8.5.1.103
adobe shockwave_player 8.5.1.105
adobe shockwave_player 8.5.1.106
adobe shockwave_player 8.5.321
adobe shockwave_player 8.5.323
adobe shockwave_player 8.5.324
adobe shockwave_player 8.5.325
adobe shockwave_player 9
adobe shockwave_player 9.0.383
adobe shockwave_player 9.0.432
adobe shockwave_player 10.0.0.210
adobe shockwave_player 10.0.1.004
adobe shockwave_player 10.1.0.11
adobe shockwave_player 10.1.0.011
adobe shockwave_player 10.1.1.016
adobe shockwave_player 10.1.4.020
adobe shockwave_player 10.2.0.021
adobe shockwave_player 10.2.0.022
adobe shockwave_player 10.2.0.023
adobe shockwave_player 11.0.0.456
adobe shockwave_player 11.0.3.471
adobe shockwave_player 11.5.0.595
adobe shockwave_player 11.5.0.596
adobe shockwave_player 11.5.1.601
adobe shockwave_player 11.5.2.602
adobe shockwave_player 11.5.6.606
adobe shockwave_player 11.5.7.609
adobe shockwave_player 11.5.8.612
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1601F8CE-9D13-473A-AABA-C76C96C87679",
              "versionEndIncluding": "11.5.9.615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA5643BC-12F8-4F05-A363-9FC97EF1DD0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "085FA7DD-8048-4768-816C-82828022FCF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0DC258D-1C2B-4A7F-AD80-6C88A7A78A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "966A8542-E5E1-468F-989E-47F71123A426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DC1BCC0-B24B-4CFC-B3B9-FA3B0D968CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFFDAAB3-CC22-4604-80B3-4A54CCEFD29E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A77F1733-6755-44E7-8ECC-CFB397FC79A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*",
              "matchCriteriaId": "9282EC1A-DFDB-49A9-8BE1-013D9B494D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A8422D-39E4-490C-B3EC-FED7468D6B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*",
              "matchCriteriaId": "88A75AF4-F7BA-4CA4-8079-5D9794E1BD45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*",
              "matchCriteriaId": "712325E1-B37A-4994-B42E-F02553A3CB9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC55CB2C-4DBC-4D16-96A7-FB3316A21D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADB5808-5F9A-4FBD-A6FC-3DB17A6C6CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFC415B5-F7C8-4277-A4A3-ECFA2CB38515",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*",
              "matchCriteriaId": "3454FF46-3D72-4FF9-AF5B-2E948DA412D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4726504-850B-4434-A149-09000D21F917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6D89450-C92C-4541-917B-AD047803A2AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*",
              "matchCriteriaId": "798EB26B-14D6-4E90-AC84-FF47B89B82E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA562619-7FAA-4FA6-AE42-55801AF00D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA961FB2-C543-4A1C-9C9E-C56641EB13FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F5982F-35BD-49A0-9DBE-774816136D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*",
              "matchCriteriaId": "56D23F59-4939-4ABE-A5BC-283BFC362E45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE1DB962-10C6-4536-B693-4AF59F0C4D94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA60B4FB-2BA4-4304-A7B8-8F0676C4F022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7D6B993-1CF8-4944-8456-B99A72F24814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18289BB-6568-4671-BC70-C8744DD2E0C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD29AACC-E101-494B-BFD4-D97FDBE4A584",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F52120E-9CAB-40D9-A577-5D8278139F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAB05A7D-3017-4589-AE5C-B1A377AF02B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C665F7-E05D-4A8C-B217-6689C95D3FF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*",
              "matchCriteriaId": "8441B2BB-3837-4EDE-B44E-323B434CBF56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*",
              "matchCriteriaId": "2007F032-06BA-4347-9D9E-2C7C4C9BBCD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF19CBB1-F047-4472-A19D-48A147396383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*",
              "matchCriteriaId": "C51EB3CF-6770-4626-BDA7-9ED94A374911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*",
              "matchCriteriaId": "C61B9485-2A42-4C95-9A10-3F1102E4EBBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FEEF7E-B477-485A-B9BC-98F6D1A2B10B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4FE4A01-9357-46D9-9BCB-DF2B4DECD9B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B9506D5-D8CA-4845-B2FA-0E47C9BB3C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FBAFFFF-D658-45F0-AF14-BA29AA2D5394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BFB28F3-ADA5-4BD1-9723-73FA291307BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*",
              "matchCriteriaId": "9760A554-1D44-4249-97DE-8423A97BA9FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted CSWV RIFF chunk that causes an incorrect calculation of an offset for a substructure, which causes an out-of-bounds \"seek\" of heap memory, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306."
    },
    {
      "lang": "es",
      "value": "Adobe Shockwave Player en versiones anteriores a la 11.5.9.620 permite que los atacantes ejecuten c\u00f3digo arbitrario o provoquen una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) mediante una pel\u00edcula Director con un fragmento RIFF CSWV que provoca un c\u00e1lculo incorrecto de un desplazamiento para una subestructura, lo que provoca un \"seek\" fuera de l\u00edmites de la memoria din\u00e1mica (heap). Esta vulnerabilidad es diferente de CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4191, CVE-2010-4192 y CVE-2010-4306."
    }
  ],
  "id": "CVE-2010-4190",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-02-10T16:00:12.940",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/archive/1/516324/100/0/threaded"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/bid/46324"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securitytracker.com/id?1025056"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0335"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-080/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516324/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0335"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-080/"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.