CVE-2010-2871

Severity

93%

Complexity

86%

Confidentiality

165%

Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie.

Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 14 years ago

2010-08-26 21:00:00

Last updated 6 years ago

2018-10-10 20:00:00

Affected Software

アドビシステムズ Macromedia Shockwave Player 1.0

1.0

Adobe Shockwave Player 2.0

2.0

Adobe Shockwave Player 3.0

3.0

アドビシステムズ Macromedia Shockwave Player 4.0

4.0

アドビシステムズ Macromedia Shockwave Player 5.0

5.0

Adobe Shockwave Player 6.0

6.0

アドビシステムズ Macromedia Shockwave Player 8.0

8.0

Adobe Shockwave Player 8.0.196

8.0.196

Adobe Shockwave Player 8.0.196a

8.0.196a

Adobe Shockwave Player 8.0.204

8.0.204

Adobe Shockwave Player 8.0.205

8.0.205

アドビシステムズ Macromedia Shockwave Player 8.5.1

8.5.1

Adobe Shockwave Player 8.5.1.100

8.5.1.100

Adobe Shockwave Player 8.5.1.103

8.5.1.103

Adobe Shockwave Player 8.5.1.105

8.5.1.105

Adobe Shockwave Player 8.5.1.106

8.5.1.106

Adobe Shockwave Player 8.5.321

8.5.321

Adobe Shockwave Player 8.5.323

8.5.323

Adobe Shockwave Player 8.5.324

8.5.324

Adobe Shockwave Player 8.5.325

8.5.325

Adobe Shockwave Player 9

9

Adobe Shockwave Player 9.0.383

9.0.383

Adobe Shockwave Player 9.0.432

9.0.432

Adobe Shockwave Player 10.0.0.210

10.0.0.210

Adobe Shockwave Player 10.0.1.004

10.0.1.004

Adobe Shockwave Player 10.1.0.011

10.1.0.011

アドビシステムズ Macromedia Shockwave Player 10.1.0.11

10.1.0.11

Adobe Shockwave Player 10.1.1.016

10.1.1.016

Adobe Shockwave Player 10.1.4.020

10.1.4.020

Adobe Shockwave Player 10.2.0.021

10.2.0.021

Adobe Shockwave Player 10.2.0.022

10.2.0.022

Adobe Shockwave Player 10.2.0.023

10.2.0.023

Adobe Shockwave Player 11.0.0.456

11.0.0.456

Adobe Macromedia Shockwave Player 11.0.3.471

11.0.3.471

Adobe Shockwave Player 11.5.0.595

11.5.0.595

Adobe Shockwave Player 11.5.0.596

11.5.0.596

Adobe Shockwave Player 11.5.1.601

11.5.1.601

Adobe Shockwave Player 11.5.2.602

11.5.2.602

Adobe Shockwave Player 11.5.6.606

11.5.6.606

アドビシステムズ Macromedia Shockwave Player

References

http://www.adobe.com/support/security/bulletins/apsb10-20.html

Patch, Vendor Advisory

20100824 ZDI-10-160: Adobe Shockwave Player Director File FFFFFF45 Record Processing Remote Code Execution Vulnerability

1024361

ADV-2010-2176

http://www.zerodayinitiative.com/advisories/ZDI-10-160

oval:org.mitre.oval:def:11970

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.