CVE-2010-0129 (GCVE-0-2010-0129)

Vulnerability from cvelistv5

Published

2010-05-13 17:00

Modified

2024-08-07 00:37

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

fkie_cve-2010-0129

Vulnerability from fkie_nvd

Published

2010-05-13 17:30

Modified

2025-04-11 00:51

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
PSIRT-CNA@flexerasoftware.com	http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html	Broken Link
PSIRT-CNA@flexerasoftware.com	http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html	Broken Link, Third Party Advisory
PSIRT-CNA@flexerasoftware.com	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869	Broken Link
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/38751	Broken Link, Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2010-20/	Broken Link, Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://www.adobe.com/support/security/bulletins/apsb10-12.html	Patch, Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/511256/100/0/threaded	Broken Link, VDB Entry
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/511262/100/0/threaded	Broken Link, VDB Entry
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/bid/40082	Broken Link, VDB Entry
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2010/1128	Broken Link, Vendor Advisory
PSIRT-CNA@flexerasoftware.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7134	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38751	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2010-20/	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb10-12.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/511256/100/0/threaded	Broken Link, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/511262/100/0/threaded	Broken Link, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/40082	Broken Link, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1128	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7134	Third Party Advisory

Impacted products

Vendor	Product	Version
adobe	shockwave_player	*
apple	macos	*
microsoft	windows	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A79D960-7961-4737-B69E-C070DA62C9AD",
              "versionEndExcluding": "11.5.7.609",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C56F007-5F8E-4BDD-A803-C907BCC0AF55",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de enteros en Adobe Shockwave Player en versiones anteriores a la 11.5.7.609 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero .dir (tambi\u00e9n conocido como Director) manipulado que dispara un error de indice de matriz."
    }
  ],
  "evaluatorSolution": "Per: http://www.adobe.com/support/security/bulletins/apsb10-12.html\r\n\r\n\u0027Adobe recommends users of Adobe Shockwave Player 11.5.6.606 and earlier versions update to Adobe Shockwave Player 11.5.7.609\u0027",
  "id": "CVE-2010-0129",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2010-05-13T17:30:01.827",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38751"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2010-20/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Broken Link",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/511256/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Broken Link",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/511262/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Broken Link",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/40082"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1128"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2010-20/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/511256/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/511262/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/40082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7134"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2010-0129

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-0129

Aliases

CVE-2010-0129

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-0129",
    "description": "Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.",
    "id": "GSD-2010-0129"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0129"
      ],
      "details": "Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.",
      "id": "GSD-2010-0129",
      "modified": "2023-12-13T01:21:29.386147Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
        "ID": "CVE-2010-0129",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "38751",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38751"
          },
          {
            "name": "20100512 [CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/511256/100/0/threaded"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
          },
          {
            "name": "20100511 [CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html"
          },
          {
            "name": "40082",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/40082"
          },
          {
            "name": "20100511 Abobe Shockwave Player Heap Memory Indexing Vulnerability",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869"
          },
          {
            "name": "ADV-2010-1128",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/1128"
          },
          {
            "name": "http://secunia.com/secunia_research/2010-20/",
            "refsource": "MISC",
            "url": "http://secunia.com/secunia_research/2010-20/"
          },
          {
            "name": "http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html",
            "refsource": "MISC",
            "url": "http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html"
          },
          {
            "name": "20100512 Secunia Research: Adobe Shockwave Player Array Indexing Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/511262/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:7134",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7134"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.5.7.609",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2010-0129"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://secunia.com/secunia_research/2010-20/",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/secunia_research/2010-20/"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
            },
            {
              "name": "http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Third Party Advisory"
              ],
              "url": "http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html"
            },
            {
              "name": "ADV-2010-1128",
              "refsource": "VUPEN",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1128"
            },
            {
              "name": "38751",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38751"
            },
            {
              "name": "20100511 Abobe Shockwave Player Heap Memory Indexing Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [
                "Broken Link"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869"
            },
            {
              "name": "20100511 [CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability",
              "refsource": "FULLDISC",
              "tags": [
                "Broken Link"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html"
            },
            {
              "name": "40082",
              "refsource": "BID",
              "tags": [
                "Broken Link",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/40082"
            },
            {
              "name": "oval:org.mitre.oval:def:7134",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7134"
            },
            {
              "name": "20100512 Secunia Research: Adobe Shockwave Player Array Indexing Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [
                "Broken Link",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/511262/100/0/threaded"
            },
            {
              "name": "20100512 [CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [
                "Broken Link",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/511256/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-06-07T13:29Z",
      "publishedDate": "2010-05-13T17:30Z"
    }
  }
}

ghsa-3843-gw6w-ffcc

Vulnerability from github

Published

2022-05-02 06:10

Modified

2025-04-11 03:35

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-0129"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-05-13T17:30:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.",
  "id": "GHSA-3843-gw6w-ffcc",
  "modified": "2025-04-11T03:35:11Z",
  "published": "2022-05-02T06:10:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0129"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7134"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html"
    },
    {
      "type": "WEB",
      "url": "http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38751"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/secunia_research/2010-20"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/511256/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/511262/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/40082"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1128"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error. Adobe Shockwave Player is prone to multiple remote code-execution vulnerabilities while parsing Director (.dir) files. Attackers can exploit these issues to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts may cause a denial-of-service condition. Versions prior to Shockwave Player 11.5.7.609 are vulnerable. Note: These issues were previously covered in BID 40066 (Adobe Shockwave Player APSB10-12 Multiple Remote Vulnerabilities); they have been given their own record to better document them. The vulnerable software fails to sanitize user input when processing .dir files resulting in a crash and overwrite of a few memory registers.

--------------------------------------------------------------------------------

(f94.ae4): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=20a0a0a0 ebx=207d004c ecx=00000400 edx=41414140 esi=00000000 edi=a80487d8 eip=68008bd6 esp=0012de4c ebp=00000400 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00050206 *** WARNING: Unable to verify checksum for C:\Program Files\Adobe\Adobe Director 11\DIRAPI.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for DIRAPI.dll - DIRAPI!Ordinal14+0x3b16: 68008bd6 2b4f04 sub ecx,dword ptr [edi+4] ds:0023:a80487dc=???????? ----------------------- EAX FFFFFFFF ECX 41414141 EDX FFFFFFFF EBX 00000018 ESP 0012F3B4 EBP 02793578 ESI 0012F3C4 EDI 02793578 EIP 69009F1F IML32.69009F1F
--------------------------------------------------------------------------------

Tested on: Microsoft Windows XP Professional SP3 (English). ----------------------------------------------------------------------

Looking for a job?

Secunia is hiring skilled researchers and talented developers.

1) A boundary error while processing FFFFFF45h Shockwave 3D blocks can be exploited to corrupt memory.

2) A signedness error in the processing of Director files can be exploited to corrupt memory.

3) An array indexing error when processing Director files can be exploited to corrupt memory.

4) An integer overflow error when processing Director files can be exploited to corrupt memory.

5) An error when processing asset entries contained in Director files can be exploited to corrupt memory.

6) A boundary error when processing embedded fonts can be exploited to cause a heap-based buffer overflow via a specially crafted Director file.

7) An error when processing Director files can be exploited to overwrite 4 bytes of memory.

8) An error in the implementation of ordinal function 1409 in iml32.dll can be exploited to corrupt heap memory via a specially crafted Director file.

9) An error when processing a 4-byte field inside FFFFFF49h Shockwave 3D blocks can be exploited to corrupt heap memory.

10) An unspecified error can be exploited to corrupt memory.

11) A second unspecified error can be exploited to corrupt memory.

12) A third unspecified error can be exploited to corrupt memory.

13) A fourth unspecified error can be exploited to cause a buffer overflow.

14) A fifth unspecified error can be exploited to corrupt memory.

15) A sixth unspecified error can be exploited to corrupt memory.

16) A seventh unspecified error can be exploited to corrupt memory.

17) An error when processing signed values encountered while parsing "pami" RIFF chunks can be exploited to corrupt memory.

SOLUTION: Update to version 11.5.7.609. http://get.adobe.com/shockwave/

PROVIDED AND/OR DISCOVERED BY: 1-6) Alin Rad Pop, Secunia Research

The vendor also credits: 2) Nahuel Riva of Core Security Technologies. 3) Chaouki Bekrar of Vupen, Code Audit Labs, and an anonymous person working with iDefense. 7) Chaouki Bekrar and Sebastien Renaud of Vupen, Code Audit Labs, Gjoko Krstic of Zero Science Lab, and Chro HD of Fortinet's FortiGuard Labs. 8, 17) an anonymous person working with ZDI. 9) Chaouki Bekrar of Vupen and an anonymous person working with ZDI. 10) Chaouki Bekrar of Vupen. 11-16) Chro HD of Fortinet's FortiGuard Labs.

CHANGELOG: 2010-05-12: Updated "Extended Description" and added PoCs for vulnerabilities #2, #3, #4, and #6.

ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb10-12.html

Secunia Research: http://secunia.com/secunia_research/2010-17/ http://secunia.com/secunia_research/2010-19/ http://secunia.com/secunia_research/2010-20/ http://secunia.com/secunia_research/2010-22/ http://secunia.com/secunia_research/2010-34/ http://secunia.com/secunia_research/2010-50/

ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-087/ http://www.zerodayinitiative.com/advisories/ZDI-10-088/ http://www.zerodayinitiative.com/advisories/ZDI-10-089/

iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869

Code Audit Labs: http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html

Zero Science Lab: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php

Core Security Technologies: http://www.coresecurity.com/content/adobe-director-invalid-read

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. User interaction is required in that a user must visit a malicious web site. When a malicious value is used extern to signed integer . Exploitation can lead to remote system compromise under the credentials of the currently logged in user. 2010-5-11 Coordinated public release of advisory.

About Code Audit Labs:

Code Audit Labs is department of VulnHunt company which provide a professional security testing products / services / security consulting and training ,we sincerely hope we can help your procudes to improve code quality and safety. WebSite http://www.VulnHunt.com ( online soon)

. Binary Analysis & Proof-of-concept

In-depth binary analysis, code execution exploits and proof-of-concept codes are published through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/exploits/

V. CREDIT

These vulnerabilities were discovered by Chaouki Bekrar of VUPEN Security

VII. ABOUT VUPEN Security

VUPEN is a leading IT security research company providing vulnerability management and security intelligence solutions which enable enterprises and institutions to eliminate vulnerabilities before they can be exploited, ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial services, insurance, manufacturing and technology industries rely on VUPEN to improve their security, prioritize resources, cut time and costs, and stay ahead of the latest threats.

VUPEN Vulnerability Notification Service: http://www.vupen.com/english/services/
VUPEN Binary Analysis & Exploits Service : http://www.vupen.com/exploits/
VUPEN Web Application Security Scanner (WASS): http://www.vupen.com/english/wass/

VIII. REFERENCES

http://www.vupen.com/english/advisories/2010/1128 http://www.adobe.com/support/security/bulletins/apsb10-12.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0129

IX.

====================================================================== 2) Severity

Rating: Highly critical Impact: System access Where: From remote

====================================================================== 3) Vendor's Description of Software

"Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. ".dir") is opened.

====================================================================== 6) Time Table

03/03/2010 - Vendor notified. 03/03/2010 - Vendor response. 12/05/2010 - Public disclosure.

====================================================================== 9) About Secunia

Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

====================================================================== 10) Verification

Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2010-20/

Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/

======================================================================

Full-Disclosure - We believe in it. iDefense Security Advisory 05.11.10 http://labs.idefense.com/intelligence/vulnerabilities/ May 11, 2010

I. BACKGROUND

Adobe Shockwave Player is a popular Web browser plugin. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web browsers to display rich multimedia content in the form of Shockwave videos. For more information, see the vendor's site found at the following link:

http://get.adobe.com/shockwave

II.

The vulnerability takes place during the processing of a certain malformed file. A function calculates an offset to be used within a memory mapped file and returns the offset value. The return value is not checked. This can lead to a condition where an attacker is able to overwrite memory outside the bounds of the allocated memory map.

III. To exploit this vulnerability, a targeted user must load a malicious file created by an attacker. An attacker typically accomplishes this via social engineering or injecting content into a compromised, trusted site.

Adobe Shockwave Player implements a custom memory management system for object allocation. Due to the design of the memory allocator, an attacker is able to predict the distance of objects within a memory map. This condition can help facilitate reliable exploitation of this vulnerability.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in the latest version of Shockwave Player at the time of testing, version 11.5.6r606.

V. WORKAROUND

The killbit for the Shockwave Player ActiveX control can be set by creating the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility{233C1507-6A77-46A4-9443-F871F945D258} Under this key create a new DWORD value called "Compatibility Flags" and set its hexadecimal value to 400.

To re-enable Shockwave Player set the "Compatibility Flags" value to 0.

VI. VENDOR RESPONSE

Adobe has released a fix which addresses this issue. Information about downloadable vendor updates can be found by clicking on the URLs shown.

http://get.adobe.com/shockwave/

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2010-0129 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

03/03/2010 Initial Vendor Notification 03/03/2009 Initial Vendor Reply 05/11/2010 Coordinated Public Disclosure

IX. CREDIT

The discoverer of this vulnerability wishes to remain anonymous.

Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events http://labs.idefense.com/

X. LEGAL NOTICES

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201005-0052",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "shockwave player",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "adobe",
        "version": "11.5.7.609"
      },
      {
        "model": "shockwave player",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "adobe",
        "version": "11.5.6.606"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "9"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "6.0"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "5.0"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "10.1.0.11"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "3.0"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "8.0"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "8.5.1"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "1.0"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "2.0"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "4.0"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "11.5.6.606"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "11.5.2.606"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "11.5.2.602"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "11.5.1.601"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "11.5.601"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "11.5.600"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "11.5.596"
      },
      {
        "model": "shockwave player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "adobe",
        "version": "11.5.7.609"
      },
      {
        "model": "shockwave player",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "adobe incorporated",
        "version": "11.5.6.606"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "db": "BID",
        "id": "40082"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001475"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0129"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:adobe:shockwave_player",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001475"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "VulnHunt http://www.vulnhunt.com/",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-191"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2010-0129",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2010-0129",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-42734",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2010-0129",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2010-0129",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2010-0129",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201005-191",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "ZSL",
            "id": "ZSL-2010-4937",
            "trust": 0.1,
            "value": "(4/5)"
          },
          {
            "author": "VULHUB",
            "id": "VHN-42734",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "db": "VULHUB",
        "id": "VHN-42734"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001475"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0129"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error. Adobe Shockwave Player is prone to multiple remote code-execution vulnerabilities while parsing Director (.dir) files. \nAttackers can exploit these issues to execute arbitrary code in the context of the currently logged-in user.  Failed exploit attempts may cause a denial-of-service condition. \nVersions prior to Shockwave Player 11.5.7.609 are vulnerable. \nNote: These issues were previously covered in BID 40066 (Adobe Shockwave Player APSB10-12 Multiple Remote Vulnerabilities); they have been given their own record to better document them. The vulnerable software fails to sanitize user input when      processing .dir files resulting in a crash and overwrite of a few memory registers.\u003cbr/\u003e\u003cbr/\u003e      --------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003e\u003ccode\u003e (f94.ae4): Access violation - code c0000005 (first chance)\u003cbr/\u003e First chance exceptions are reported before any exception handling.\u003cbr/\u003e This exception may be expected and handled.\u003cbr/\u003e eax=20a0a0a0 ebx=207d004c ecx=00000400 edx=41414140 esi=00000000 edi=a80487d8\u003cbr/\u003e eip=68008bd6 esp=0012de4c ebp=00000400 iopl=0         nv up ei pl nz na pe nc\u003cbr/\u003e cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00050206\u003cbr/\u003e *** WARNING: Unable to verify checksum for C:\\Program Files\\Adobe\\Adobe Director 11\\DIRAPI.dll\u003cbr/\u003e *** ERROR: Symbol file could not be found.  Defaulted to export symbols for DIRAPI.dll - \u003cbr/\u003e DIRAPI!Ordinal14+0x3b16:\u003cbr/\u003e 68008bd6 2b4f04          sub     ecx,dword ptr [edi+4] ds:0023:a80487dc=????????\u003cbr/\u003e\u003cbr/\u003e-----------------------\u003cbr/\u003e\u003cbr/\u003eEAX FFFFFFFF\u003cbr/\u003eECX 41414141\u003cbr/\u003eEDX FFFFFFFF\u003cbr/\u003eEBX 00000018\u003cbr/\u003eESP 0012F3B4\u003cbr/\u003eEBP 02793578\u003cbr/\u003eESI 0012F3C4\u003cbr/\u003eEDI 02793578\u003cbr/\u003eEIP 69009F1F IML32.69009F1F\u003cbr/\u003e\u003c/code\u003e\u003cbr/\u003e--------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003eTested on: Microsoft Windows XP Professional SP3 (English). ----------------------------------------------------------------------\n\n\nLooking for a job?\n\n\nSecunia is hiring skilled researchers and talented developers. \n\n1) A boundary error while processing FFFFFF45h Shockwave 3D blocks\ncan be exploited to corrupt memory. \n\n2) A signedness error in the processing of Director files can be\nexploited to corrupt memory. \n\n3) An array indexing error when processing Director files can be\nexploited to corrupt memory. \n\n4) An integer overflow error when processing Director files can be\nexploited to corrupt memory. \n\n5) An error when processing asset entries contained in Director files\ncan be exploited to corrupt memory. \n\n6) A boundary error when processing embedded fonts can be exploited\nto cause a heap-based buffer overflow via a specially crafted\nDirector file. \n\n7) An error when processing Director files can be exploited to\noverwrite 4 bytes of memory. \n\n8) An error in the implementation of ordinal function 1409 in\niml32.dll can be exploited to corrupt heap memory via a specially\ncrafted Director file. \n\n9) An error when processing a 4-byte field inside FFFFFF49h Shockwave\n3D blocks can be exploited to corrupt heap memory. \n\n10) An unspecified error can be exploited to corrupt memory. \n\n11) A second unspecified error can be exploited to corrupt memory. \n\n12) A third unspecified error can be exploited to corrupt memory. \n\n13) A fourth unspecified error can be exploited to cause a buffer\noverflow. \n\n14) A fifth unspecified error can be exploited to corrupt memory. \n\n15) A sixth unspecified error can be exploited to corrupt memory. \n\n16) A seventh unspecified error can be exploited to corrupt memory. \n\n17) An error when processing signed values encountered while parsing\n\"pami\" RIFF chunks can be exploited to corrupt memory. \n\nSOLUTION:\nUpdate to version 11.5.7.609. \nhttp://get.adobe.com/shockwave/\n\nPROVIDED AND/OR DISCOVERED BY:\n1-6) Alin Rad Pop, Secunia Research\n\nThe vendor also credits:\n2) Nahuel Riva of Core Security Technologies. \n3) Chaouki Bekrar of Vupen, Code Audit Labs, and an anonymous person\nworking with iDefense. \n7) Chaouki Bekrar and Sebastien Renaud of Vupen, Code Audit Labs,\nGjoko Krstic of Zero Science Lab, and Chro HD of Fortinet\u0027s\nFortiGuard Labs. \n8, 17) an anonymous person working with ZDI. \n9) Chaouki Bekrar of Vupen and an anonymous person working with ZDI. \n10) Chaouki Bekrar of Vupen. \n11-16) Chro HD of Fortinet\u0027s FortiGuard Labs. \n\nCHANGELOG:\n2010-05-12: Updated \"Extended Description\" and added PoCs for\nvulnerabilities #2, #3, #4, and #6. \n\nORIGINAL ADVISORY:\nAdobe:\nhttp://www.adobe.com/support/security/bulletins/apsb10-12.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2010-17/\nhttp://secunia.com/secunia_research/2010-19/\nhttp://secunia.com/secunia_research/2010-20/\nhttp://secunia.com/secunia_research/2010-22/\nhttp://secunia.com/secunia_research/2010-34/\nhttp://secunia.com/secunia_research/2010-50/\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-087/\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-088/\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-089/\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869\n\nCode Audit Labs:\nhttp://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html\nhttp://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html\nhttp://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html\n\nZero Science Lab:\nhttp://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php\n\nCore Security Technologies:\nhttp://www.coresecurity.com/content/adobe-director-invalid-read\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. User interaction is required\nin that a user must visit a malicious web site. When a malicious value is used\nextern to signed integer . Exploitation can lead to remote system\ncompromise under the credentials of the currently logged in user. \n2010-5-11 Coordinated public release of advisory. \n\n\nAbout Code Audit Labs:\n=====================\nCode Audit Labs is department of VulnHunt company which provide a\nprofessional security testing products / services / security consulting\nand training ,we sincerely hope we can help your procudes to improve code\nquality and safety. \nWebSite http://www.VulnHunt.com ( online soon)\n\n. Binary Analysis \u0026 Proof-of-concept\n---------------------------------------\n\nIn-depth binary analysis, code execution exploits and proof-of-concept\ncodes are published through the VUPEN Binary Analysis \u0026 Exploits Service :\n\nhttp://www.vupen.com/exploits/\n\n\nV. CREDIT\n--------------\n\nThese vulnerabilities were discovered by Chaouki Bekrar of VUPEN Security\n\n\nVII. ABOUT VUPEN Security\n---------------------------\n\nVUPEN is a leading IT security research company providing vulnerability\nmanagement and security intelligence solutions which enable enterprises\nand institutions to eliminate vulnerabilities before they can be exploited,\nensure security policy compliance and meaningfully measure and manage risks. \n\nGovernmental and federal agencies, and global enterprises in the financial\nservices, insurance, manufacturing and technology industries rely on VUPEN\nto improve their security, prioritize resources, cut time and costs, and\nstay ahead of the latest threats. \n\n* VUPEN Vulnerability Notification Service:\nhttp://www.vupen.com/english/services/\n\n* VUPEN Binary Analysis \u0026 Exploits Service :\nhttp://www.vupen.com/exploits/\n\n* VUPEN Web Application Security Scanner (WASS):\nhttp://www.vupen.com/english/wass/\n\n\nVIII. REFERENCES\n----------------------\n\nhttp://www.vupen.com/english/advisories/2010/1128\nhttp://www.adobe.com/support/security/bulletins/apsb10-12.html\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0129\n\n\nIX. \n\n====================================================================== \n2) Severity \n\nRating: Highly critical\nImpact: System access\nWhere:  From remote\n\n====================================================================== \n3) Vendor\u0027s Description of Software \n\n\"Over 450 million Internet-enabled desktops have installed Adobe \nShockwave Player. \".dir\") is opened. \n\n====================================================================== \n6) Time Table \n\n03/03/2010 - Vendor notified. \n03/03/2010 - Vendor response. \n12/05/2010 - Public disclosure. \n\n====================================================================== \n9) About Secunia\n\nSecunia offers vulnerability management solutions to corporate\ncustomers with verified and reliable vulnerability intelligence\nrelevant to their specific system configuration:\n\nhttp://secunia.com/advisories/business_solutions/\n\nSecunia also provides a publicly accessible and comprehensive advisory\ndatabase as a service to the security community and private \nindividuals, who are interested in or concerned about IT-security. \n\nhttp://secunia.com/advisories/\n\nSecunia believes that it is important to support the community and to\ndo active vulnerability research in order to aid improving the \nsecurity and reliability of software in general:\n\nhttp://secunia.com/secunia_research/\n\nSecunia regularly hires new skilled team members. Check the URL below\nto see currently vacant positions:\n\nhttp://secunia.com/corporate/jobs/\n\nSecunia offers a FREE mailing list called Secunia Security Advisories:\n\nhttp://secunia.com/advisories/mailing_lists/\n\n====================================================================== \n10) Verification \n\nPlease verify this advisory by visiting the Secunia website:\nhttp://secunia.com/secunia_research/2010-20/\n\nComplete list of vulnerability reports published by Secunia Research:\nhttp://secunia.com/secunia_research/\n\n======================================================================\n\n_______________________________________________\nFull-Disclosure - We believe in it. iDefense Security Advisory 05.11.10\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nMay 11, 2010\n\nI. BACKGROUND\n\nAdobe Shockwave Player is a popular Web browser plugin. It is available\nfor multiple Web browsers and platforms, including Windows, and MacOS. \nShockwave Player enables Web browsers to display rich multimedia\ncontent in the form of Shockwave videos. For more information, see the\nvendor\u0027s site found at the following link:\u003cBR\u003e \u003cBR\u003e\nhttp://get.adobe.com/shockwave\n\nII. \u003cBR\u003e \u003cBR\u003e The\nvulnerability takes place during the processing of a certain malformed\nfile. A function calculates an offset to be used within a memory mapped\nfile and returns the offset value. The return value is not checked. This\ncan lead to a condition where an attacker is able to overwrite memory\noutside the bounds of the allocated memory map. \n\nIII. To exploit\nthis vulnerability, a targeted user must load a malicious file created\nby an attacker. An attacker typically accomplishes this via social\nengineering or injecting content into a compromised, trusted site. \u003cBR\u003e\n\u003cBR\u003e Adobe Shockwave Player implements a custom memory management system\nfor object allocation. Due to the design of the memory allocator, an\nattacker is able to predict the distance of objects within a memory\nmap. This condition can help facilitate reliable exploitation of this\nvulnerability. \n\nIV. DETECTION\n\niDefense has confirmed the existence of this vulnerability in the latest\nversion of Shockwave Player at the time of testing, version 11.5.6r606. \n\nV. WORKAROUND\n\nThe killbit for the Shockwave Player ActiveX control can be set by\ncreating the following registry key:\u003cBR\u003e \u003cBR\u003e\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX\nCompatibility\\{233C1507-6A77-46A4-9443-F871F945D258} Under this key\ncreate a new DWORD value called \"Compatibility Flags\" and set its\nhexadecimal value to 400. \u003cBR\u003e \u003cBR\u003e To re-enable Shockwave Player set\nthe \"Compatibility Flags\" value to 0. \n\nVI. VENDOR RESPONSE\n\nAdobe has released a fix which addresses this issue. Information about\ndownloadable vendor updates can be found by clicking on the URLs shown. \n\nhttp://get.adobe.com/shockwave/\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2010-0129 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n03/03/2010  Initial Vendor Notification\n03/03/2009  Initial Vendor Reply\n05/11/2010  Coordinated Public Disclosure\n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2010 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001475"
      },
      {
        "db": "BID",
        "id": "40082"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "db": "VULHUB",
        "id": "VHN-42734"
      },
      {
        "db": "PACKETSTORM",
        "id": "89462"
      },
      {
        "db": "PACKETSTORM",
        "id": "89431"
      },
      {
        "db": "PACKETSTORM",
        "id": "89490"
      },
      {
        "db": "PACKETSTORM",
        "id": "89441"
      },
      {
        "db": "PACKETSTORM",
        "id": "89436"
      }
    ],
    "trust": 2.52
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.zeroscience.mk/codes/shockwave_mem.txt",
        "trust": 0.1,
        "type": "poc"
      },
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-42734",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "db": "VULHUB",
        "id": "VHN-42734"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-0129",
        "trust": 3.2
      },
      {
        "db": "SECUNIA",
        "id": "38751",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "40082",
        "trust": 2.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1128",
        "trust": 2.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001475",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-191",
        "trust": 0.7
      },
      {
        "db": "ZSL",
        "id": "ZSL-2010-4937",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "89436",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "89441",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "89490",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "89431",
        "trust": 0.2
      },
      {
        "db": "XF",
        "id": "58447",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "12578",
        "trust": 0.1
      },
      {
        "db": "BID",
        "id": "40081",
        "trust": 0.1
      },
      {
        "db": "OSVDB",
        "id": "64646",
        "trust": 0.1
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2010.0436",
        "trust": 0.1
      },
      {
        "db": "SECTRACK",
        "id": "1023980",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-42734",
        "trust": 0.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-087",
        "trust": 0.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-089",
        "trust": 0.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-10-088",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "89462",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "db": "VULHUB",
        "id": "VHN-42734"
      },
      {
        "db": "BID",
        "id": "40082"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001475"
      },
      {
        "db": "PACKETSTORM",
        "id": "89462"
      },
      {
        "db": "PACKETSTORM",
        "id": "89431"
      },
      {
        "db": "PACKETSTORM",
        "id": "89490"
      },
      {
        "db": "PACKETSTORM",
        "id": "89441"
      },
      {
        "db": "PACKETSTORM",
        "id": "89436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0129"
      }
    ]
  },
  "id": "VAR-201005-0052",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42734"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:47:30.780000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APSB10-12",
        "trust": 0.8,
        "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
      },
      {
        "title": "APSB10-12",
        "trust": 0.8,
        "url": "http://www.adobe.com/jp/support/security/bulletins/apsb10-12.html"
      },
      {
        "title": "Shockwave 11.5.7.609 for Mac Slim",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=3595"
      },
      {
        "title": "Adobe Shockwave Player version 11.5.7.609",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=3594"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001475"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-191"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-190",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-189",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42734"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001475"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0129"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.vupen.com/english/advisories/2010/1128"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/40082"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/38751"
      },
      {
        "trust": 2.4,
        "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
      },
      {
        "trust": 2.2,
        "url": "http://secunia.com/secunia_research/2010-20/"
      },
      {
        "trust": 2.1,
        "url": "http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html"
      },
      {
        "trust": 1.8,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html"
      },
      {
        "trust": 1.8,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/511262/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/511256/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7134"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0129"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0129"
      },
      {
        "trust": 0.4,
        "url": "http://www.adobe.com/products/shockwaveplayer/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0129"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/38751/"
      },
      {
        "trust": 0.2,
        "url": "http://get.adobe.com/shockwave/"
      },
      {
        "trust": 0.2,
        "url": "http://www.vulnhunt.com"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://packetstormsecurity.org/filedesc/zsl-2010-4937.txt.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.qualys.com/research/alerts/view.php/2010-05-11-2"
      },
      {
        "trust": 0.1,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1280"
      },
      {
        "trust": 0.1,
        "url": "http://www.exploit-db.com/exploits/12578"
      },
      {
        "trust": 0.1,
        "url": "http://www.securityfocus.com/bid/40081"
      },
      {
        "trust": 0.1,
        "url": "http://www.0daynet.com/2010/0512/335.html"
      },
      {
        "trust": 0.1,
        "url": "http://securityreason.com/exploitalert/8249"
      },
      {
        "trust": 0.1,
        "url": "http://forums.cnet.com/5208-6132_102-0.html?messageid=3303052"
      },
      {
        "trust": 0.1,
        "url": "http://news.dreamings.org/?p=1050"
      },
      {
        "trust": 0.1,
        "url": "http://securitytracker.com/alerts/2010/may/1023980.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.auscert.org.au/render.html?it=12789"
      },
      {
        "trust": 0.1,
        "url": "http://securityvulns.ru/xdocument830.html"
      },
      {
        "trust": 0.1,
        "url": "http://xforce.iss.net/xforce/xfdb/58447"
      },
      {
        "trust": 0.1,
        "url": "http://osvdb.org/show/osvdb/64646"
      },
      {
        "trust": 0.1,
        "url": "http://www.nessus.org/plugins/index.php?view=single\u0026amp;id=46329"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_research/2010-19/"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-089/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/company/jobs/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_research/2010-17/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-087/"
      },
      {
        "trust": 0.1,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_research/2010-34/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-10-088/"
      },
      {
        "trust": 0.1,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_research/2010-22/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_research/2010-50/"
      },
      {
        "trust": 0.1,
        "url": "http://www.coresecurity.com/content/adobe-director-invalid-read"
      },
      {
        "trust": 0.1,
        "url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2010-4937.php"
      },
      {
        "trust": 0.1,
        "url": "http://www.vupen.com/english/wass/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vupen.com/english/research.php"
      },
      {
        "trust": 0.1,
        "url": "http://www.vupen.com/english/services/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vupen.com/exploits/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_research/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/corporate/jobs/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/mailing_lists/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/),"
      },
      {
        "trust": 0.1,
        "url": "http://get.adobe.com/shockwave"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "db": "VULHUB",
        "id": "VHN-42734"
      },
      {
        "db": "BID",
        "id": "40082"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001475"
      },
      {
        "db": "PACKETSTORM",
        "id": "89462"
      },
      {
        "db": "PACKETSTORM",
        "id": "89431"
      },
      {
        "db": "PACKETSTORM",
        "id": "89490"
      },
      {
        "db": "PACKETSTORM",
        "id": "89441"
      },
      {
        "db": "PACKETSTORM",
        "id": "89436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0129"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "db": "VULHUB",
        "id": "VHN-42734"
      },
      {
        "db": "BID",
        "id": "40082"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001475"
      },
      {
        "db": "PACKETSTORM",
        "id": "89462"
      },
      {
        "db": "PACKETSTORM",
        "id": "89431"
      },
      {
        "db": "PACKETSTORM",
        "id": "89490"
      },
      {
        "db": "PACKETSTORM",
        "id": "89441"
      },
      {
        "db": "PACKETSTORM",
        "id": "89436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0129"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-05-11T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "date": "2010-05-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-42734"
      },
      {
        "date": "2010-05-11T00:00:00",
        "db": "BID",
        "id": "40082"
      },
      {
        "date": "2010-05-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001475"
      },
      {
        "date": "2010-05-13T07:29:48",
        "db": "PACKETSTORM",
        "id": "89462"
      },
      {
        "date": "2010-05-12T02:59:43",
        "db": "PACKETSTORM",
        "id": "89431"
      },
      {
        "date": "2010-05-14T14:47:20",
        "db": "PACKETSTORM",
        "id": "89490"
      },
      {
        "date": "2010-05-12T15:27:06",
        "db": "PACKETSTORM",
        "id": "89441"
      },
      {
        "date": "2010-05-12T15:17:03",
        "db": "PACKETSTORM",
        "id": "89436"
      },
      {
        "date": "2010-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201005-191"
      },
      {
        "date": "2010-05-13T17:30:01.827000",
        "db": "NVD",
        "id": "CVE-2010-0129"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-03-06T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2010-4937"
      },
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-42734"
      },
      {
        "date": "2010-05-12T11:12:00",
        "db": "BID",
        "id": "40082"
      },
      {
        "date": "2010-05-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001475"
      },
      {
        "date": "2022-06-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201005-191"
      },
      {
        "date": "2024-11-21T01:11:35.620000",
        "db": "NVD",
        "id": "CVE-2010-0129"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "89431"
      },
      {
        "db": "PACKETSTORM",
        "id": "89436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-191"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Adobe Shockwave Player Integer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001475"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-191"
      }
    ],
    "trust": 0.6
  }
}

CERTA-2010-AVI-207

Vulnerability from certfr_avis

De multiples vulnérabilités dans Adobe Shockwave Player permettent à une personne malintentionnée d'exécuter du code arbitraire à distance via Adobe Shockwave Player.

Description

Plusieurs vulnérabilités de type corruption de mémoire, boucle infine ou dépassement de mémoire tampon permettent à une personne distante malintentionnée d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Adobe Shockwave Player versions 11.5.6.606 et antérieures pour Windows et Macintosh.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-0129 (GCVE-0-2010-0129)

Vulnerability from cvelistv5

fkie_cve-2010-0129

Vulnerability from fkie_nvd

gsd-2010-0129

Vulnerability from gsd

ghsa-3843-gw6w-ffcc

Vulnerability from github

var-201005-0052

Vulnerability from variot

About Code Audit Labs:

. Binary Analysis & Proof-of-concept

V. CREDIT

VII. ABOUT VUPEN Security

VIII. REFERENCES

CERTA-2010-AVI-207

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature