CVE-2010-1280 - OpenCVE

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Adobe	Shockwave Player
Apple	Macos
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:microsoft:windows::::::::

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html
http://secunia.com/advisories/38751
http://www.adobe.com/support/security/bulletins/apsb10-12.html
http://www.securityfocus.com/archive/1/511257/100/0/threaded
http://www.vupen.com/english/advisories/2010/1128
http://www.zeroscience.mk/codes/shockwave_mem.txt
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7184

History

No history.

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2010-05-13T17:00:00

Updated: 2024-08-07T01:21:17.662Z

Reserved: 2010-04-06T00:00:00

Link: CVE-2010-1280

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2010-05-13T17:30:02.000

Modified: 2022-09-16T18:19:09.253

Link: CVE-2010-1280

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-05-11T00:00:00", "descriptions": [{"lang": "en", "value": "Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"name": "38751", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38751"}, {"name": "20100511 [CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"}, {"name": "20100512 [CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/511257/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zeroscience.mk/codes/shockwave_mem.txt"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php"}, {"name": "ADV-2010-1128", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1128"}, {"name": "oval:org.mitre.oval:def:7184", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7184"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2010-1280", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "38751", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38751"}, {"name": "20100511 [CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"}, {"name": "20100512 [CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/511257/100/0/threaded"}, {"name": "http://www.zeroscience.mk/codes/shockwave_mem.txt", "refsource": "MISC", "url": "http://www.zeroscience.mk/codes/shockwave_mem.txt"}, {"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php", "refsource": "MISC", "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php"}, {"name": "ADV-2010-1128", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1128"}, {"name": "oval:org.mitre.oval:def:7184", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7184"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:21:17.662Z"}, "title": "CVE Program Container", "references": [{"name": "38751", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38751"}, {"name": "20100511 [CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"}, {"name": "20100512 [CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/511257/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zeroscience.mk/codes/shockwave_mem.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php"}, {"name": "ADV-2010-1128", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1128"}, {"name": "oval:org.mitre.oval:def:7184", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7184"}]}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2010-1280", "datePublished": "2010-05-13T17:00:00", "dateReserved": "2010-04-06T00:00:00", "dateUpdated": "2024-08-07T01:21:17.662Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A79D960-7961-4737-B69E-C070DA62C9AD", "versionEndExcluding": "11.5.7.609", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C56F007-5F8E-4BDD-A803-C907BCC0AF55", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file."}, {"lang": "es", "value": "Adobe Shockwave Player en versiones anteriores a la 11.5.7.609 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) mediante un fichero .dir (tambi\u00e9n conocido como Director) manipulado, relacionado con (1) una dereferencia err\u00f3nea y (2) un cierto fichero Shock.dir."}], "evaluatorSolution": "Per: http://www.adobe.com/support/security/bulletins/apsb10-12.html\r\n\r\n'Adobe recommends users of Adobe Shockwave Player 11.5.6.606 and earlier versions update to Adobe Shockwave Player 11.5.7.609'", "id": "CVE-2010-1280", "lastModified": "2022-09-16T18:19:09.253", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2010-05-13T17:30:02.000", "references": [{"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/38751"}, {"source": "psirt@adobe.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/511257/100/0/threaded"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1128"}, {"source": "psirt@adobe.com", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.zeroscience.mk/codes/shockwave_mem.txt"}, {"source": "psirt@adobe.com", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php"}, {"source": "psirt@adobe.com", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7184"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}