Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-2873

Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.

Published

2010-08-26T21:00:02.090

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	adobe	shockwave_player	≤ 11.5.7.609	Yes
Application	adobe	shockwave_player	1.0	Yes
Application	adobe	shockwave_player	2.0	Yes
Application	adobe	shockwave_player	3.0	Yes
Application	adobe	shockwave_player	4.0	Yes
Application	adobe	shockwave_player	5.0	Yes
Application	adobe	shockwave_player	6.0	Yes
Application	adobe	shockwave_player	8.0	Yes
Application	adobe	shockwave_player	8.0.196	Yes
Application	adobe	shockwave_player	8.0.196a	Yes
Application	adobe	shockwave_player	8.0.204	Yes
Application	adobe	shockwave_player	8.0.205	Yes
Application	adobe	shockwave_player	8.5.1	Yes
Application	adobe	shockwave_player	8.5.1.100	Yes
Application	adobe	shockwave_player	8.5.1.103	Yes
Application	adobe	shockwave_player	8.5.1.105	Yes
Application	adobe	shockwave_player	8.5.1.106	Yes
Application	adobe	shockwave_player	8.5.321	Yes
Application	adobe	shockwave_player	8.5.323	Yes
Application	adobe	shockwave_player	8.5.324	Yes
Application	adobe	shockwave_player	8.5.325	Yes
Application	adobe	shockwave_player	9	Yes
Application	adobe	shockwave_player	9.0.383	Yes
Application	adobe	shockwave_player	9.0.432	Yes
Application	adobe	shockwave_player	10.0.0.210	Yes
Application	adobe	shockwave_player	10.0.1.004	Yes
Application	adobe	shockwave_player	10.1.0.11	Yes
Application	adobe	shockwave_player	10.1.0.011	Yes
Application	adobe	shockwave_player	10.1.1.016	Yes
Application	adobe	shockwave_player	10.1.4.020	Yes
Application	adobe	shockwave_player	10.2.0.021	Yes
Application	adobe	shockwave_player	10.2.0.022	Yes
Application	adobe	shockwave_player	10.2.0.023	Yes
Application	adobe	shockwave_player	11.0.0.456	Yes
Application	adobe	shockwave_player	11.0.3.471	Yes
Application	adobe	shockwave_player	11.5.0.595	Yes
Application	adobe	shockwave_player	11.5.0.596	Yes
Application	adobe	shockwave_player	11.5.1.601	Yes
Application	adobe	shockwave_player	11.5.2.602	Yes
Application	adobe	shockwave_player	11.5.6.606	Yes

References

http://www.adobe.com/support/security/bulletins/apsb10-20.html Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/513307/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/42682 ([email protected])
http://www.securitytracker.com/id?1024361 ([email protected])
http://www.vupen.com/english/advisories/2010/2176 ([email protected])
http://www.zerodayinitiative.com/advisories/ZDI-10-162 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12042 ([email protected])
http://www.adobe.com/support/security/bulletins/apsb10-20.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/513307/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/42682 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1024361 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/2176 (af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-10-162 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12042 (af854a3a-2127-422b-91ae-364da2661108)