Test ID: 1.3.6.1.4.1.25623.1.0.801335
Category: General
Title: Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities May-10
Summary: This host is installed with Adobe Shockwave Player and is prone to multiple remote code execution vulnerabilities.

Description:

Vulnerability Insight:
Multiple flaws are caused by memory corruption errors, integer and buffer
overflows, array indexing, and signedness errors when processing malformed
'Shockwave' or 'Director' files, which could be exploited by attackers to
execute arbitrary code by tricking a user into visiting a specially crafted
web page.

Vulnerability Impact:
Successful exploitation will allow an attacker to execute arbitrary code in
the context of the affected application by tricking a user into visiting a
specially crafted web page.

Affected Software/OS:
Adobe Shockwave Player prior to 11.5.7.609 on Windows.

Solution:
Upgrade to Adobe Shockwave Player 11.5.7.609.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2010-0127
Bugtraq: 20100512 Secunia Research: Adobe Shockwave Player 3D Parsing Memory Corruption
http://www.securityfocus.com/archive/1/511260/100/0/threaded
http://secunia.com/secunia_research/2010-17/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7477
http://secunia.com/advisories/38751
http://www.vupen.com/english/advisories/2010/1128
Common Vulnerability Exposure (CVE) ID: CVE-2010-0128
Bugtraq: 20100511 [CORE-2010-0405] Adobe Director Invalid Read
http://www.securityfocus.com/archive/1/511240/100/0/threaded
Bugtraq: 20100512 Secunia Research: Adobe Shockwave Player Signedness Error Vulnerability
http://www.securityfocus.com/archive/1/511261/100/0/threaded
http://secunia.com/secunia_research/2010-19/
http://www.coresecurity.com/content/adobe-director-invalid-read
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7273
Common Vulnerability Exposure (CVE) ID: CVE-2010-0129
BugTraq ID: 40082
http://www.securityfocus.com/bid/40082
Bugtraq: 20100512 Secunia Research: Adobe Shockwave Player Array Indexing Vulnerability
http://www.securityfocus.com/archive/1/511262/100/0/threaded
Bugtraq: 20100512 [CAL-20100204-2] Adobe Shockwave Player Director File Parsing integer overflow vulnerability
http://www.securityfocus.com/archive/1/511256/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869
http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html
http://secunia.com/secunia_research/2010-20/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7134
Common Vulnerability Exposure (CVE) ID: CVE-2010-0130
BugTraq ID: 40084
http://www.securityfocus.com/bid/40084
Bugtraq: 20100512 Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability
http://www.securityfocus.com/archive/1/511263/100/0/threaded
http://secunia.com/secunia_research/2010-22/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7108
Common Vulnerability Exposure (CVE) ID: CVE-2010-1280
Bugtraq: 20100512 [CAL-20100204-3] Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite
http://www.securityfocus.com/archive/1/511257/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html
http://www.zeroscience.mk/codes/shockwave_mem.txt
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7184
Common Vulnerability Exposure (CVE) ID: CVE-2010-1281
Bugtraq: 20100511 ZDI-10-087: Adobe Shockwave Invalid Offset Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/511252/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-087/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7268
Common Vulnerability Exposure (CVE) ID: CVE-2010-1282
BugTraq ID: 40088
http://www.securityfocus.com/bid/40088
Bugtraq: 20100512 [CAL-20100204-1] Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability
http://www.securityfocus.com/archive/1/511254/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html
http://hi.baidu.com/fs_fx/blog/item/f8de1d18ba8c9b76dbb4bd56.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7388
Common Vulnerability Exposure (CVE) ID: CVE-2010-1283
Bugtraq: 20100511 ZDI-10-088: Adobe Shockwave Player 3D Parsing Memory Corruption Vulnerability
http://www.securityfocus.com/archive/1/511253/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-088/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7262
Common Vulnerability Exposure (CVE) ID: CVE-2010-1284
BugTraq ID: 40091
http://www.securityfocus.com/bid/40091
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6638
Common Vulnerability Exposure (CVE) ID: CVE-2010-1286
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7269
Common Vulnerability Exposure (CVE) ID: CVE-2010-1287
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6803
Common Vulnerability Exposure (CVE) ID: CVE-2010-1288
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7543
Common Vulnerability Exposure (CVE) ID: CVE-2010-1289
BugTraq ID: 40087
http://www.securityfocus.com/bid/40087
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6652
Common Vulnerability Exposure (CVE) ID: CVE-2010-1290
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7154
Common Vulnerability Exposure (CVE) ID: CVE-2010-1291
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7183
Common Vulnerability Exposure (CVE) ID: CVE-2010-1292
Bugtraq: 20100511 ZDI-10-089: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/511242/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-089/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7416
Common Vulnerability Exposure (CVE) ID: CVE-2010-0987
BugTraq ID: 40093
http://www.securityfocus.com/bid/40093
Bugtraq: 20100512 Secunia Research: Adobe Shockwave Player Font Processing Buffer Overflow
http://www.securityfocus.com/archive/1/511265/100/0/threaded
http://secunia.com/secunia_research/2010-50/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7052
Common Vulnerability Exposure (CVE) ID: CVE-2010-0986
BugTraq ID: 40086
http://www.securityfocus.com/bid/40086
Bugtraq: 20100512 Secunia Research: Adobe Shockwave Player Asset Entry Parsing Vulnerability
http://www.securityfocus.com/archive/1/511264/100/0/threaded
http://secunia.com/secunia_research/2010-34/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6967
Copyright: Copyright (C) 2010 Greenbone Networks GmbH