VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
 
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-2873
shockwave_player: Adobe Shockwave Player before 11.5.8.612 does not p...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2873

Original

Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.

About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-08-26
Source Information Category: Advisory, Alert
Last Updated: 2010-08-27




Affected Product Tags
cpe:/a:adobe:shockwave_player:1.0
cpe:/a:adobe:shockwave_player:10.0.0.210
cpe:/a:adobe:shockwave_player:10.0.1.004
cpe:/a:adobe:shockwave_player:10.1.0.011
cpe:/a:adobe:shockwave_player:10.1.0.11
cpe:/a:adobe:shockwave_player:10.1.1.016
cpe:/a:adobe:shockwave_player:10.1.4.020
cpe:/a:adobe:shockwave_player:10.2.0.021
cpe:/a:adobe:shockwave_player:10.2.0.022
cpe:/a:adobe:shockwave_player:10.2.0.023
cpe:/a:adobe:shockwave_player:11.0.0.456
cpe:/a:adobe:shockwave_player:11.0.3.471
cpe:/a:adobe:shockwave_player:11.5.0.595
cpe:/a:adobe:shockwave_player:11.5.0.596
cpe:/a:adobe:shockwave_player:11.5.1.601
cpe:/a:adobe:shockwave_player:11.5.2.602
cpe:/a:adobe:shockwave_player:11.5.6.606
cpe:/a:adobe:shockwave_player:11.5.7.609 and previous versions
cpe:/a:adobe:shockwave_player:2.0
cpe:/a:adobe:shockwave_player:3.0
cpe:/a:adobe:shockwave_player:4.0
cpe:/a:adobe:shockwave_player:5.0
cpe:/a:adobe:shockwave_player:6.0
cpe:/a:adobe:shockwave_player:8.0
cpe:/a:adobe:shockwave_player:8.0.196
cpe:/a:adobe:shockwave_player:8.0.196a
cpe:/a:adobe:shockwave_player:8.0.204
cpe:/a:adobe:shockwave_player:8.0.205
cpe:/a:adobe:shockwave_player:8.5.1
cpe:/a:adobe:shockwave_player:8.5.1.100
cpe:/a:adobe:shockwave_player:8.5.1.103
cpe:/a:adobe:shockwave_player:8.5.1.105
cpe:/a:adobe:shockwave_player:8.5.1.106
cpe:/a:adobe:shockwave_player:8.5.321
cpe:/a:adobe:shockwave_player:8.5.323
cpe:/a:adobe:shockwave_player:8.5.324
cpe:/a:adobe:shockwave_player:8.5.325
cpe:/a:adobe:shockwave_player:9
cpe:/a:adobe:shockwave_player:9.0.383
cpe:/a:adobe:shockwave_player:9.0.432
 


Vulnerability Analysis Results
[Access Vector]
Undefined
Local
Adjacent Network
X Network

[Access Complexity]
Undefined
High
X Medium
Low

[Authentication]
Undefined
Multiple
Single
X None

[Confidentiality Impact]
Undefined
None
Partial
X Complete

[Integrity Impact]
Undefined
None
Partial
X Complete

[Availability Impact]
Undefined
None
Partial
X Complete

Alternatives




References
BUGTRAQ 20100824 ZDI-10-162: Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerability
CONFIRM http://www.adobe.com/support/security/bulletins/apsb10-20.html
MISC http://www.zerodayinitiative.com/advisories/ZDI-10-162




Vulnerability Type: Input Validation (CWE-20)





Copyright © 2010 JPCERT/CC All Rights Reserved.