Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an unloaded library. NOTE: some of these details are obtained from third party information.
{"openvas": [{"lastseen": "2020-04-27T19:23:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4092"], "description": "This host is installed with Adobe Shockwave Player and is prone\n to use-after-free vulnerability.", "modified": "2020-04-24T00:00:00", "published": "2010-11-12T00:00:00", "id": "OPENVAS:1361412562310801631", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801631", "type": "openvas", "title": "Adobe Shockwave Player Use-After-Free Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Shockwave Player Use-After-Free Vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801631\");\n script_version(\"2020-04-24T07:24:50+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-24 07:24:50 +0000 (Fri, 24 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-11-12 15:34:28 +0100 (Fri, 12 Nov 2010)\");\n script_cve_id(\"CVE-2010-4092\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Shockwave Player Use-After-Free Vulnerability\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/42112\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_mandatory_keys(\"Adobe/ShockwavePlayer/Ver\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let the user-assisted remote\n attackers to execute arbitrary code via a crafted web site related to the\n Shockwave Settings window and an unloaded library.\");\n\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player Version 11.5.9.615 on Windows.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to a use-after-free error in an automatically\n installed compatibility component.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player Version 11.5.9.620.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave Player and is prone\n to use-after-free vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nshockVer = get_kb_item(\"Adobe/ShockwavePlayer/Ver\");\nif(!shockVer){\n exit(0);\n}\n\nif(version_is_less_equal(version:shockVer, test_version:\"11.5.9.615\")){\n report = report_fixed_ver(installed_version:shockVer, vulnerable_range:\"Less or equal to 11.5.9.615\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:09:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4092"], "description": "This host is installed with Adobe Shockwave Player and is prone\nto use-after-free vulnerability.", "modified": "2017-02-10T00:00:00", "published": "2010-11-12T00:00:00", "id": "OPENVAS:801631", "href": "http://plugins.openvas.org/nasl.php?oid=801631", "type": "openvas", "title": "Adobe Shockwave Player Use-After-Free Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_use_after_free_vuln.nasl 5263 2017-02-10 13:45:51Z teissa $\n#\n# Adobe Shockwave Player Use-After-Free Vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the user-assisted remote\nattackers to execute arbitrary code via a crafted web site related to the\nShockwave Settings window and an unloaded library.\n\nImpact Level: System/Application.\";\n\ntag_affected = \"Adobe Shockwave Player Version 11.5.9.615 on Windows.\";\n\ntag_insight = \"The flaw is due to a use-after-free error in an automatically\ninstalled compatibility component.\";\n\ntag_solution = \"Upgrade to Adobe Shockwave Player Version 11.5.9.620,\nFor updates refer to http://get.adobe.com/shockwave/otherversions/\";\n\ntag_summary = \"This host is installed with Adobe Shockwave Player and is prone\nto use-after-free vulnerability.\";\n\nif(description)\n{\n script_id(801631);\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-12 15:34:28 +0100 (Fri, 12 Nov 2010)\");\n script_cve_id(\"CVE-2010-4092\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Shockwave Player Use-After-Free Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/42112\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_require_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nshockVer = get_kb_item(\"Adobe/ShockwavePlayer/Ver\");\nif(!shockVer){\n exit(0);\n}\n\n## Check for Adobe Shockwave Player 11.5.9.615\nif(version_is_equal(version:shockVer, test_version:\"11.5.9.615\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:34", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2011-02-15T00:00:00", "type": "openvas", "title": "Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4187", "CVE-2011-0555", "CVE-2010-4307", "CVE-2010-4192", "CVE-2010-4093", "CVE-2010-2589", "CVE-2011-0569", "CVE-2011-0556", "CVE-2010-4189", "CVE-2010-4190", "CVE-2010-4195", "CVE-2010-2588", "CVE-2011-0557", "CVE-2010-4196", "CVE-2010-4193", "CVE-2010-2587", "CVE-2010-4188", "CVE-2010-4191", "CVE-2010-4092", "CVE-2010-4194", "CVE-2010-4306"], "modified": "2017-02-25T00:00:00", "id": "OPENVAS:801846", "href": "http://plugins.openvas.org/nasl.php?oid=801846", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_code_exec_vuln_feb11.nasl 5424 2017-02-25 16:52:36Z teissa $\n#\n# Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to execute arbitrary code by\n tricking a user into visiting a specially crafted web page.\n Impact Level: Application.\";\ntag_affected = \"Adobe Shockwave Player Versions prior to 11.5.9.620 on Windows.\";\ntag_insight = \"Multiple flaws are caused by input validation errors, memory corruptions,\n buffer and integer overflows, and use-after-free errors in the DIRAPI, IML32,\n TextXtra, 3d Asset, and Xtra.x32 modules when processing malformed Shockwave\n or Director files.\";\ntag_solution = \"Upgrade to Adobe Shockwave Player version 11.5.9.620 or later,\n For updates refer to http://get.adobe.com/shockwave/otherversions/\";\ntag_summary = \"This host is installed with Adobe Shockwave Player and is prone\n to multiple remote code execution vulnerabilities.\";\n\nif(description)\n{\n script_id(801846);\n script_version(\"$Revision: 5424 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-15 08:14:35 +0100 (Tue, 15 Feb 2011)\");\n script_cve_id(\"CVE-2010-2587\", \"CVE-2010-2588\", \"CVE-2010-2589\",\n \"CVE-2010-4092\", \"CVE-2010-4093\", \"CVE-2010-4187\",\n \"CVE-2010-4188\", \"CVE-2010-4189\", \"CVE-2010-4190\",\n \"CVE-2010-4191\", \"CVE-2010-4192\", \"CVE-2010-4193\",\n \"CVE-2010-4194\", \"CVE-2010-4195\", \"CVE-2010-4196\",\n \"CVE-2010-4306\", \"CVE-2010-4307\", \"CVE-2011-0555\",\n \"CVE-2011-0556\", \"CVE-2011-0557\", \"CVE-2011-0569\");\n script_bugtraq_id(46146);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2011/0335\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb11-01.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_require_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nshockVer = get_kb_item(\"Adobe/ShockwavePlayer/Ver\");\nif(!shockVer){\n exit(0);\n}\n\n## Check for Adobe Shockwave Player versions prior to 11.5.9.620\nif(version_is_less(version:shockVer, test_version:\"11.5.9.620\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-27T19:22:34", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2011-02-15T00:00:00", "type": "openvas", "title": "Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4187", "CVE-2011-0555", "CVE-2010-4307", "CVE-2010-4192", "CVE-2010-4093", "CVE-2010-2589", "CVE-2011-0569", "CVE-2011-0556", "CVE-2010-4189", "CVE-2010-4190", "CVE-2010-4195", "CVE-2010-2588", "CVE-2011-0557", "CVE-2010-4196", "CVE-2010-4193", "CVE-2010-2587", "CVE-2010-4188", "CVE-2010-4191", "CVE-2010-4092", "CVE-2010-4194", "CVE-2010-4306"], "modified": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310801846", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801846", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801846\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-02-15 08:14:35 +0100 (Tue, 15 Feb 2011)\");\n script_cve_id(\"CVE-2010-2587\", \"CVE-2010-2588\", \"CVE-2010-2589\",\n \"CVE-2010-4092\", \"CVE-2010-4093\", \"CVE-2010-4187\",\n \"CVE-2010-4188\", \"CVE-2010-4189\", \"CVE-2010-4190\",\n \"CVE-2010-4191\", \"CVE-2010-4192\", \"CVE-2010-4193\",\n \"CVE-2010-4194\", \"CVE-2010-4195\", \"CVE-2010-4196\",\n \"CVE-2010-4306\", \"CVE-2010-4307\", \"CVE-2011-0555\",\n \"CVE-2011-0556\", \"CVE-2011-0557\", \"CVE-2011-0569\");\n script_bugtraq_id(46146);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2011/0335\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-01.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_mandatory_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to execute arbitrary code by\n tricking a user into visiting a specially crafted web page.\");\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player Versions prior to 11.5.9.620 on Windows.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are caused by input validation errors, memory corruptions,\n buffer and integer overflows, and use-after-free errors in the DIRAPI, IML32,\n TextXtra, 3d Asset, and Xtra.x32 modules when processing malformed Shockwave\n or Director files.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player version 11.5.9.620 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave Player and is prone\n to multiple remote code execution vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://get.adobe.com/shockwave/otherversions/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nshockVer = get_kb_item(\"Adobe/ShockwavePlayer/Ver\");\nif(!shockVer){\n exit(0);\n}\n\nif(version_is_less(version:shockVer, test_version:\"11.5.9.620\")){\n report = report_fixed_ver(installed_version:shockVer, fixed_version:\"11.5.9.620\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-04-16T14:13:27", "description": "The remote Mac OS X host contains a version of Adobe Shockwave Player that is 11.5.9.615 or earlier. It is, therefore, affected by multiple vulnerabilities :\n\n - Several unspecified errors exist in the 'dirapi.dll' module that allow arbitrary code execution.\n (CVE-2010-2587, CVE-2010-2588, CVE-2010-4188)\n\n - An error exists in the 'dirapi.dll' module related to an integer overflow that allows arbitrary code execution. (CVE-2010-2589)\n\n - It is reported that a use-after-free error exists in an unspecified compatibility component related to the 'Settings' window and an unloaded, unspecified library.\n This error is reported to allow arbitrary code execution when a crafted, malicious website is visited.\n (CVE-2010-4092)\n\n - Unspecified errors exist that allow arbitrary code execution or memory corruption. The attack vectors is unspecified. (CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, CVE-2010-4306, CVE-2011-0555)\n\n - An input validation error exists in the 'IML32' module that allows arbitrary code execution when processing the global color table size of a GIF image contained in a Director movie. (CVE-2010-4189)\n\n - An unspecified input validation error exists that allows arbitrary code execution through unspecified vectors.\n (CVE-2010-4193)\n\n - An unspecified input validation error exists in the 'dirapi.dll' module that allows arbitrary code execution through unspecified vectors. (CVE-2010-4194)\n\n - An integer overflow error exists in the '3D Assets' module when parsing 3D assets containing the record type '0xFFFFFF45'. This error allows arbitrary code execution. (CVE-2010-4196)\n\n - An input validation error exists in the 'DEMUX' chunks parsing portion of the 'TextXtra.x32' module. This error allows arbitrary code execution. (CVE-2010-4195)\n\n - An unspecified buffer overflow error exists that allows arbitrary code execution through unspecified vectors.\n (CVE-2010-4307)\n\n - An error exists in the 'PFR1' chunks parsing portion of the 'Font Xtra.x32' module. This error allows arbitrary code execution. (CVE-2011-0556)\n\n - An unspecified integer overflow error exists that allows arbitrary code execution through unspecified vectors (CVE-2011-0557)\n\n - An error exists in the 'Font Xtra.x32' module related to signedness that allows arbitrary code execution.\n (CVE-2011-0569)", "cvss3": {"score": null, "vector": null}, "published": "2014-12-22T00:00:00", "type": "nessus", "title": "Adobe Shockwave Player <= 11.5.9.615 (APSB11-01) (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2587", "CVE-2010-2588", "CVE-2010-2589", "CVE-2010-4092", "CVE-2010-4093", "CVE-2010-4187", "CVE-2010-4188", "CVE-2010-4189", "CVE-2010-4190", "CVE-2010-4191", "CVE-2010-4192", "CVE-2010-4193", "CVE-2010-4194", "CVE-2010-4195", "CVE-2010-4196", "CVE-2010-4306", "CVE-2010-4307", "CVE-2011-0555", "CVE-2011-0556", "CVE-2011-0557", "CVE-2011-0569"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:shockwave_player"], "id": "MACOSX_SHOCKWAVE_PLAYER_APSB11-01.NASL", "href": "https://www.tenable.com/plugins/nessus/80175", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80175);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2010-2587\",\n \"CVE-2010-2588\",\n \"CVE-2010-2589\",\n \"CVE-2010-4092\",\n \"CVE-2010-4093\",\n \"CVE-2010-4187\",\n \"CVE-2010-4188\",\n \"CVE-2010-4189\",\n \"CVE-2010-4190\",\n \"CVE-2010-4191\",\n \"CVE-2010-4192\",\n \"CVE-2010-4193\",\n \"CVE-2010-4194\",\n \"CVE-2010-4195\",\n \"CVE-2010-4196\",\n \"CVE-2010-4306\",\n \"CVE-2010-4307\",\n \"CVE-2011-0555\",\n \"CVE-2011-0556\",\n \"CVE-2011-0557\",\n \"CVE-2011-0569\"\n );\n script_bugtraq_id(\n 44617,\n 46316,\n 46317,\n 46318,\n 46319,\n 46320,\n 46321,\n 46324,\n 46325,\n 46326,\n 46327,\n 46328,\n 46329,\n 46330,\n 46332,\n 46333,\n 46334,\n 46335,\n 46336,\n 46338,\n 46339\n );\n script_xref(name:\"SECUNIA\", value:\"42112\");\n\n script_name(english:\"Adobe Shockwave Player <= 11.5.9.615 (APSB11-01) (Mac OS X)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.5.9.615 or earlier. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Several unspecified errors exist in the 'dirapi.dll'\n module that allow arbitrary code execution.\n (CVE-2010-2587, CVE-2010-2588, CVE-2010-4188)\n\n - An error exists in the 'dirapi.dll' module related to\n an integer overflow that allows arbitrary code\n execution. (CVE-2010-2589)\n\n - It is reported that a use-after-free error exists in an\n unspecified compatibility component related to the\n 'Settings' window and an unloaded, unspecified library.\n This error is reported to allow arbitrary code execution\n when a crafted, malicious website is visited.\n (CVE-2010-4092)\n\n - Unspecified errors exist that allow arbitrary code\n execution or memory corruption. The attack vectors is\n unspecified. (CVE-2010-4093, CVE-2010-4187,\n CVE-2010-4190, CVE-2010-4191, CVE-2010-4192,\n CVE-2010-4306, CVE-2011-0555)\n\n - An input validation error exists in the 'IML32' module\n that allows arbitrary code execution when processing the\n global color table size of a GIF image contained in a\n Director movie. (CVE-2010-4189)\n\n - An unspecified input validation error exists that allows\n arbitrary code execution through unspecified vectors.\n (CVE-2010-4193)\n\n - An unspecified input validation error exists in the\n 'dirapi.dll' module that allows arbitrary code execution\n through unspecified vectors. (CVE-2010-4194)\n\n - An integer overflow error exists in the '3D Assets'\n module when parsing 3D assets containing the record\n type '0xFFFFFF45'. This error allows arbitrary code\n execution. (CVE-2010-4196)\n\n - An input validation error exists in the 'DEMUX' chunks\n parsing portion of the 'TextXtra.x32' module. This\n error allows arbitrary code execution. (CVE-2010-4195)\n\n - An unspecified buffer overflow error exists that allows\n arbitrary code execution through unspecified vectors.\n (CVE-2010-4307)\n\n - An error exists in the 'PFR1' chunks parsing portion\n of the 'Font Xtra.x32' module. This error allows\n arbitrary code execution. (CVE-2011-0556)\n\n - An unspecified integer overflow error exists that allows\n arbitrary code execution through unspecified vectors\n (CVE-2011-0557)\n\n - An error exists in the 'Font Xtra.x32' module related\n to signedness that allows arbitrary code execution.\n (CVE-2011-0569)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-078/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-079/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-080/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-01.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Shockwave 11.5.9.620 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-0569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"shockwave_player_detect_macosx.nbin\");\n script_require_keys(\"installed_sw/Shockwave Player\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp = 'Shockwave Player';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\nif (ver_compare(ver:ver, fix:'11.5.9.615', strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed versions : 11.5.9.620' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(port:0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:01:34", "description": "The remote Windows host contains a version of Adobe's Shockwave Player that is earlier than 11.5.9.620. Such versions are potentially affected by the following issues :\n\n - Several unspecified errors exist in the 'dirapi.dll' module that may allow arbitrary code execution. (CVE-2010-2587, CVE-2010-2588, CVE-2010-4188)\n\n - An error exists in the 'dirapi.dll' module related to an integer overflow and that may allow arbitrary code execution. (CVE-2010-2589)\n\n - It is reported that a use-after-free error exists in an unspecified compatibility component related to the 'Settings' window and an unloaded, unspecified library. This error is reported to allow arbitrary code execution when a crafted, malicious website is visited. (CVE-2010-4092)\n\n - Unspecified errors exist that may allow arbitrary code execution or memory corruption. The attack vectors is unspecified. (CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, CVE-2010-4306, CVE-2011-0555)\n\n - An input validation error exists in the 'IML32' module that may allow arbitrary code execution when processing global color table size of a GIF image contained in a Director movie. (CVE-2010-4189)\n\n - An unspecified input validation error exists that may allow arbitrary code execution through unspecified vectors. (CVE-2010-4193)\n\n - An unspecified input validation error exists in the 'dirapi.dll' module that may allow arbitrary code execution through unspecified vectors. (CVE-2010-4194)\n\n - An integer overflow error exists in the '3D Assets' module when parsing 3D assets containing the record type '0xFFFFFF45'. This error may allow arbitrary code execution. (CVE-2010-4196)\n\n - An input validation error exists in the 'DEMUX' chunks parsing portion of the 'TextXtra.x32' module. This error may allow arbitrary code execution. (CVE-2010-4195)\n\n - An unspecified buffer overflow error exists that may allow arbitrary code execution through unspecified vectors. (CVE-2010-4307)\n\n - An error exists in the 'PFR1' chunks parsing portion of the 'Font Xtra.x32' module. This error may allow arbitrary code execution. (CVE-2011-0556)\n\n - An unspecified integer overflow error exists that may allow arbitrary code execution through unspecified vectors.(CVE-2011-0557)\n\n - An error exists in the 'Font Xtra.x32' module related to signedness that may allow arbitrary code execution.\n (CVE-2011-0569)", "cvss3": {"score": null, "vector": null}, "published": "2011-02-10T00:00:00", "type": "nessus", "title": "Shockwave Player < 11.5.9.620 (APSB11-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2587", "CVE-2010-2588", "CVE-2010-2589", "CVE-2010-4092", "CVE-2010-4093", "CVE-2010-4187", "CVE-2010-4188", "CVE-2010-4189", "CVE-2010-4190", "CVE-2010-4191", "CVE-2010-4192", "CVE-2010-4193", "CVE-2010-4194", "CVE-2010-4195", "CVE-2010-4196", "CVE-2010-4306", "CVE-2010-4307", "CVE-2011-0555", "CVE-2011-0556", "CVE-2011-0557", "CVE-2011-0569"], "modified": "2018-07-27T00:00:00", "cpe": ["cpe:/a:adobe:shockwave_player"], "id": "SHOCKWAVE_PLAYER_APSB11-01.NASL", "href": "https://www.tenable.com/plugins/nessus/51936", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51936);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\n \"CVE-2010-2587\", \"CVE-2010-2588\", \"CVE-2010-2589\", \"CVE-2010-4092\", \n \"CVE-2010-4093\", \"CVE-2010-4187\", \"CVE-2010-4188\", \"CVE-2010-4189\",\n \"CVE-2010-4190\", \"CVE-2010-4191\", \"CVE-2010-4192\", \"CVE-2010-4193\",\n \"CVE-2010-4194\", \"CVE-2010-4195\", \"CVE-2010-4196\", \"CVE-2010-4306\",\n \"CVE-2010-4307\", \"CVE-2011-0555\", \"CVE-2011-0556\", \"CVE-2011-0557\",\n \"CVE-2011-0569\");\n script_bugtraq_id(\n 44617, \n 46316,\n 46317,\n 46318,\n 46319,\n 46320,\n 46321,\n 46324,\n 46325,\n 46326,\n 46327,\n 46328,\n 46329,\n 46330,\n 46332,\n 46333,\n 46334,\n 46335,\n 46336,\n 46338,\n 46339\n );\n script_xref(name:\"Secunia\", value:\"42112\");\n\n script_name(english:\"Shockwave Player < 11.5.9.620 (APSB11-01)\");\n script_summary(english:\"Checks version of Shockwave Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe's Shockwave\nPlayer that is earlier than 11.5.9.620. Such versions are potentially\naffected by the following issues :\n\n - Several unspecified errors exist in the 'dirapi.dll' \n module that may allow arbitrary code execution. \n (CVE-2010-2587, CVE-2010-2588, CVE-2010-4188)\n\n - An error exists in the 'dirapi.dll' module related to \n an integer overflow and that may allow arbitrary code\n execution. (CVE-2010-2589)\n\n - It is reported that a use-after-free error exists in an\n unspecified compatibility component related to the \n 'Settings' window and an unloaded, unspecified library. \n This error is reported to allow arbitrary code execution \n when a crafted, malicious website is visited. \n (CVE-2010-4092)\n\n - Unspecified errors exist that may allow arbitrary \n code execution or memory corruption. The attack vectors\n is unspecified. (CVE-2010-4093, CVE-2010-4187, \n CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, \n CVE-2010-4306, CVE-2011-0555)\n\n - An input validation error exists in the 'IML32' module\n that may allow arbitrary code execution when processing \n global color table size of a GIF image contained in a \n Director movie. (CVE-2010-4189)\n\n - An unspecified input validation error exists that may\n allow arbitrary code execution through unspecified\n vectors. (CVE-2010-4193)\n\n - An unspecified input validation error exists in the \n 'dirapi.dll' module that may allow arbitrary code \n execution through unspecified vectors. (CVE-2010-4194)\n\n - An integer overflow error exists in the '3D Assets'\n module when parsing 3D assets containing the record\n type '0xFFFFFF45'. This error may allow arbitrary code\n execution. (CVE-2010-4196)\n\n - An input validation error exists in the 'DEMUX' chunks \n parsing portion of the 'TextXtra.x32' module. This\n error may allow arbitrary code execution. \n (CVE-2010-4195)\n\n - An unspecified buffer overflow error exists that may\n allow arbitrary code execution through unspecified\n vectors. (CVE-2010-4307)\n\n - An error exists in the 'PFR1' chunks parsing portion\n of the 'Font Xtra.x32' module. This error may allow\n arbitrary code execution. (CVE-2011-0556)\n\n - An unspecified integer overflow error exists that may\n allow arbitrary code execution through unspecified\n vectors.(CVE-2011-0557)\n\n - An error exists in the 'Font Xtra.x32' module related\n to signedness that may allow arbitrary code execution.\n (CVE-2011-0569)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-078/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-079/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-080/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-01.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Shockwave 11.5.9.620 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_apsb09_08.nasl\");\n script_require_keys(\"SMB/shockwave_player\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_func.inc\");\n\nport = kb_smb_transport();\ninstalls = get_kb_list('SMB/shockwave_player/*/path');\nif (isnull(installs)) exit(0, 'Shockwave Player was not detected on the remote host.');\n\ninfo = NULL;\npattern = 'SMB/shockwave_player/([^/]+)/([^/]+)/path';\n\nforeach install (keys(installs))\n{\n match = eregmatch(string:install, pattern:pattern);\n if (!match) exit(1, 'Unexpected format of KB key \"' + install + '\".');\n\n file = installs[install];\n variant = match[1];\n version = match[2];\n\n if (ver_compare(ver:version, fix:'11.5.9.620') == -1)\n {\n if (variant == 'Plugin')\n info += '\\n - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n else if (variant == 'ActiveX')\n info += '\\n - ActiveX control (for Internet Explorer) :\\n';\n info += ' ' + file + ', ' + version + '\\n';\n }\n}\n\nif (!info) exit(0, 'No vulnerable installs of Shockwave Player were found.');\n\nif (report_verbosity > 0)\n{\n if (max_index(split(info)) > 2) s = \"s\";\n else s = \"\";\n\n report = \n '\\nNessus has identified the following vulnerable instance'+s+' of Shockwave'+\n '\\nPlayer installed on the remote host :\\n'+\n info;\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:38", "description": "Security update available for Shockwave Player\r\n\r\nRelease date: February 8, 2011\r\n\r\nVulnerability identifier: APSB11-01\r\n\r\nCVE number: CVE-2010-2587, CVE-2010-2588, CVE-2010-2589, CVE-2010-4092,\r\nCVE-2010-4093, CVE-2010-4187, CVE-2010-4188, CVE-2010-4189, CVE-2010-4190,\r\nCVE-2010-4191, CVE-2010-4192, CVE-2010-4193, CVE-2010-4194, CVE-2010-4195,\r\nCVE-2010-4196, CVE-2010-4306, CVE-2010-4307, CVE-2011-0555, CVE-2011-0556,\r\nCVE-2011-0557, CVE-2011-0569\r\n\r\nPlatform: Windows and Macintosh\r\nSummary\r\n\r\nCritical vulnerabilities have been identified in Adobe Shockwave Player 11.5.9.615 and earlier\r\nversions on the Windows and Macintosh operating systems. These vulnerabilities could allow an\r\nattacker, who successfully exploits these vulnerabilities, to run malicious code on the affected\r\nsystem. Adobe recommends users of Adobe Shockwave Player 11.5.9.615 and earlier versions\r\nupdate to Adobe Shockwave Player 11.5.9.620 using the instructions provided below.\r\nAffected software versions\r\n\r\nShockwave Player 11.5.9.615 and earlier versions for Windows and Macintosh\r\nSolution\r\n\r\nAdobe recommends users of Adobe Shockwave Player 11.5.9.615 and earlier versions upgrade to\r\nthe newest version 11.5.9.620, available here: http://get.adobe.com/shockwave/.\r\nSeverity rating\r\n\r\nAdobe categorizes this as a critical update and recommends that users apply the latest update for\r\ntheir product installation by following the instructions in the "Solution" section above.\r\nDetails\r\n\r\nCritical vulnerabilities have been identified in Adobe Shockwave Player 11.5.9.615 and earlier\r\nversions on the Windows and Macintosh operating systems. These vulnerabilities could allow an\r\nattacker, who successfully exploits these vulnerabilities, to run malicious code on the affected\r\nsystem. Adobe recommends users of Adobe Shockwave Player 11.5.9.615 and earlier versions\r\nupdate to Adobe Shockwave Player 11.5.9.620 using the instructions provided above.\r\n\r\nThis update resolves a memory corruption vulnerability in the dirapi.dll module that could lead\r\nto code execution (CVE-2010-2587).\r\n\r\nThis update resolves a memory corruption vulnerability in the dirapi.dll module that could lead\r\nto code execution (CVE-2010-2588).\r\n\r\nThis update resolves an integer overflow vulnerability in the dirapi.dll module that could lead to\r\ncode execution (CVE-2010-2589).\r\n\r\nThis update resolves a use-after-free vulnerability that could lead to code execution\r\n(CVE-2010-4092).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution\r\n(CVE-2010-4093).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution\r\n(CVE-2010-4187).\r\n\r\nThis update resolves a memory corruption vulnerability in the dirapi.dll module that could lead\r\nto code execution (CVE-2010-4188).\r\n\r\nThis update resolves a memory corruption vulnerability in the IML32 module that could lead to\r\ncode execution (CVE-2010-4189).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution\r\n(CVE-2010-4190).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution\r\n(CVE-2010-4191).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution\r\n(CVE-2010-4192).\r\n\r\nThis update resolves an input validation vulnerability that could lead to code execution\r\n(CVE-2010-4193).\r\n\r\nThis update resolves an input validation vulnerability in the dirapi.dll module that could lead to\r\ncode execution (CVE-2010-4194).\r\n\r\nThis update resolves an input validation vulnerability in the TextXtra module that could lead to\r\ncode execution (CVE-2010-4195).\r\n\r\nThis update resolves an input validation vulnerability in the Shockwave 3d Asset module that could\r\nlead to code execution (CVE-2010-4196).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution\r\n(CVE-2010-4306).\r\n\r\nThis update resolves a buffer overflow vulnerability that could lead to code execution\r\n(CVE-2010-4307).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution\r\n(CVE-2011-0555).\r\n\r\nThis update resolves a memory corruption vulnerability in the Font Xtra.x32 module that could\r\nlead to code execution (CVE-2011-0556).\r\n\r\nThis update resolves an integer overflow vulnerability that could lead to code execution\r\n(CVE-2011-0557).\r\n\r\nThis update resolves a memory corruption vulnerability in the Font Xtra.x32 module that could\r\nlead to code execution (CVE-2011-0569).\r\nAcknowledgments\r\n\r\nAdobe would like to thank the following individuals and organizations for reporting the relevant\r\nissues and for working with Adobe to help protect our customers:\r\n\u2022 Carsten Eiram, Secunia Research (CVE-2010-2587, CVE-2010-2588, CVE-2010-2589).\r\n\u2022 Krystian Kloskowski (h07), working with Secunia Research (CVE-2010-4092).\r\n\u2022 Will Dormann of CERT/CC (CVE-2010-4093, CVE-2010-4193, CVE-2010-4194,\r\nCVE-2010-4195, CVE-2010-4196).\r\n\u2022 Andrzej Dyjak of iDefense Labs (CVE-2010-4187).\r\n\u2022 Aaron Portnoy and Logan Brown, TippingPoint DVLabs (CVE-2010-4188).\r\n\u2022 Logan Brown and Aaron Portnoy, TippingPoint DVLabs(CVE-2011-0555,\r\nCVE-2011-0556).\r\n\u2022 Aaron Portnoy and Logan Brown, TippingPoint DVLabs (CVE-2010-4189).\r\n\u2022 Aniway and Luigi Auriemma through TippingPoint's Zero Day Initiative\r\n(CVE-2010-4190).\r\n\u2022 An anonymous reporter through TippingPoint's Zero Day Initiative (CVE-2010-4191).\r\n\u2022 Aniway through TippingPoint's Zero Day Initiative (CVE-2010-4192).\r\n\u2022 IBM X-Force (CVE-2010-4306, CVE-2010-4307).\r\n\u2022 An anonymous reporter through TippingPoint's Zero Day Initiative (CVE-2011-0557).\r\n\u2022 Logan Brown and Aaron Portnoy, TippingPoint DVLabs and Luigi Auriemma through TippingPoint's Zero\r\nDay Initiative (CVE-2011-0569). ", "edition": 1, "cvss3": {}, "published": "2011-02-11T00:00:00", "title": "Security update available for Shockwave Player", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-4187", "CVE-2011-0555", "CVE-2010-4307", "CVE-2010-4192", "CVE-2010-4093", "CVE-2010-2589", "CVE-2011-0569", "CVE-2011-0556", "CVE-2010-4189", "CVE-2010-4190", "CVE-2010-4195", "CVE-2010-2588", "CVE-2011-0557", "CVE-2010-4196", "CVE-2010-4193", "CVE-2010-2587", "CVE-2010-4188", "CVE-2010-4191", "CVE-2010-4092", "CVE-2010-4194", "CVE-2010-4306"], "modified": "2011-02-11T00:00:00", "id": "SECURITYVULNS:DOC:25658", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25658", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:12:17", "description": "Multiple memory corruptions.", "edition": 2, "cvss3": {}, "published": "2011-02-14T00:00:00", "title": "Adobe Shockwave Player multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-4187", "CVE-2011-0555", "CVE-2010-4307", "CVE-2010-4192", "CVE-2010-4093", "CVE-2010-2589", "CVE-2011-0569", "CVE-2011-0556", "CVE-2010-4189", "CVE-2010-4190", "CVE-2010-4195", "CVE-2010-2588", "CVE-2011-0557", "CVE-2010-4196", "CVE-2010-4193", "CVE-2010-2587", "CVE-2010-4188", "CVE-2010-4191", "CVE-2010-4092", "CVE-2010-4194", "CVE-2010-4306"], "modified": "2011-02-14T00:00:00", "id": "SECURITYVULNS:VULN:11417", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11417", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
CVE-2010-4092
