Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, and CVE-2010-4192.
{"cve": [{"lastseen": "2022-03-23T12:42:16", "description": "Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306.", "cvss3": {}, "published": "2011-02-10T16:00:00", "type": "cve", "title": "CVE-2010-4093", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4093", "CVE-2010-4187", "CVE-2010-4190", "CVE-2010-4191", "CVE-2010-4192", "CVE-2010-4306", "CVE-2011-0555"], "modified": "2011-02-17T05:00:00", "cpe": ["cpe:/a:adobe:shockwave_player:11.5.2.602", "cpe:/a:adobe:shockwave_player:8.0", "cpe:/a:adobe:shockwave_player:10.1.0.11", "cpe:/a:adobe:shockwave_player:10.2.0.022", "cpe:/a:adobe:shockwave_player:8.5.1.100", "cpe:/a:adobe:shockwave_player:2.0", "cpe:/a:adobe:shockwave_player:8.0.205", "cpe:/a:adobe:shockwave_player:8.5.1.106", "cpe:/a:adobe:shockwave_player:11.5.0.596", "cpe:/a:adobe:shockwave_player:10.2.0.023", "cpe:/a:adobe:shockwave_player:8.5.321", "cpe:/a:adobe:shockwave_player:9.0.432", "cpe:/a:adobe:shockwave_player:10.1.1.016", "cpe:/a:adobe:shockwave_player:11.5.7.609", "cpe:/a:adobe:shockwave_player:8.5.323", "cpe:/a:adobe:shockwave_player:6.0", "cpe:/a:adobe:shockwave_player:8.0.204", "cpe:/a:adobe:shockwave_player:8.5.325", "cpe:/a:adobe:shockwave_player:11.5.9.615", "cpe:/a:adobe:shockwave_player:10.0.0.210", 
"cpe:/a:adobe:shockwave_player:10.0.1.004", "cpe:/a:adobe:shockwave_player:10.1.0.011", "cpe:/a:adobe:shockwave_player:11.5.1.601", "cpe:/a:adobe:shockwave_player:8.5.1.105", "cpe:/a:adobe:shockwave_player:9.0.383", "cpe:/a:adobe:shockwave_player:11.5.0.595", "cpe:/a:adobe:shockwave_player:11.0.0.456", "cpe:/a:adobe:shockwave_player:4.0", "cpe:/a:adobe:shockwave_player:11.5.6.606", "cpe:/a:adobe:shockwave_player:8.5.1", "cpe:/a:adobe:shockwave_player:1.0", "cpe:/a:adobe:shockwave_player:8.5.324", "cpe:/a:adobe:shockwave_player:8.0.196a", "cpe:/a:adobe:shockwave_player:8.0.196", "cpe:/a:adobe:shockwave_player:5.0", "cpe:/a:adobe:shockwave_player:3.0", "cpe:/a:adobe:shockwave_player:11.0.3.471", "cpe:/a:adobe:shockwave_player:10.2.0.021", "cpe:/a:adobe:shockwave_player:11.5.8.612", "cpe:/a:adobe:shockwave_player:9", "cpe:/a:adobe:shockwave_player:10.1.4.020", "cpe:/a:adobe:shockwave_player:8.5.1.103"], "id": "CVE-2010-4093", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4093", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.615:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:43:57", "description": "Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed chunk in a Director file, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306.", "cvss3": {}, "published": "2011-02-10T16:00:00", "type": 
"cve", "title": "CVE-2010-4187", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4093", "CVE-2010-4187", "CVE-2010-4190", "CVE-2010-4191", "CVE-2010-4192", "CVE-2010-4306", "CVE-2011-0555"], "modified": "2011-02-17T05:00:00", "cpe": ["cpe:/a:adobe:shockwave_player:11.5.2.602", "cpe:/a:adobe:shockwave_player:8.0", "cpe:/a:adobe:shockwave_player:10.1.0.11", "cpe:/a:adobe:shockwave_player:10.2.0.022", "cpe:/a:adobe:shockwave_player:8.5.1.100", "cpe:/a:adobe:shockwave_player:2.0", "cpe:/a:adobe:shockwave_player:8.5.1.106", "cpe:/a:adobe:shockwave_player:8.0.205", "cpe:/a:adobe:shockwave_player:11.5.0.596", "cpe:/a:adobe:shockwave_player:10.2.0.023", "cpe:/a:adobe:shockwave_player:8.5.321", "cpe:/a:adobe:shockwave_player:9.0.432", "cpe:/a:adobe:shockwave_player:11.5.7.609", "cpe:/a:adobe:shockwave_player:10.1.1.016", "cpe:/a:adobe:shockwave_player:8.5.323", "cpe:/a:adobe:shockwave_player:6.0", "cpe:/a:adobe:shockwave_player:8.0.204", "cpe:/a:adobe:shockwave_player:8.5.325", "cpe:/a:adobe:shockwave_player:11.5.9.615", "cpe:/a:adobe:shockwave_player:10.0.0.210", "cpe:/a:adobe:shockwave_player:10.1.0.011", "cpe:/a:adobe:shockwave_player:10.0.1.004", "cpe:/a:adobe:shockwave_player:11.5.1.601", "cpe:/a:adobe:shockwave_player:8.5.1.105", "cpe:/a:adobe:shockwave_player:9.0.383", "cpe:/a:adobe:shockwave_player:11.5.0.595", "cpe:/a:adobe:shockwave_player:11.0.0.456", "cpe:/a:adobe:shockwave_player:4.0", "cpe:/a:adobe:shockwave_player:11.5.6.606", "cpe:/a:adobe:shockwave_player:8.5.1", 
"cpe:/a:adobe:shockwave_player:1.0", "cpe:/a:adobe:shockwave_player:5.0", "cpe:/a:adobe:shockwave_player:8.0.196a", "cpe:/a:adobe:shockwave_player:8.5.324", "cpe:/a:adobe:shockwave_player:8.0.196", "cpe:/a:adobe:shockwave_player:3.0", "cpe:/a:adobe:shockwave_player:11.0.3.471", "cpe:/a:adobe:shockwave_player:10.2.0.021", "cpe:/a:adobe:shockwave_player:11.5.8.612", "cpe:/a:adobe:shockwave_player:9", "cpe:/a:adobe:shockwave_player:10.1.4.020", "cpe:/a:adobe:shockwave_player:8.5.1.103"], "id": "CVE-2010-4187", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4187", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.615:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:43:59", "description": "Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted CSWV RIFF chunk that causes an incorrect calculation of an offset for a substructure, which causes an out-of-bounds \"seek\" of heap memory, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306.", "cvss3": {}, "published": "2011-02-10T16:00:00", "type": "cve", "title": "CVE-2010-4190", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4093", "CVE-2010-4187", "CVE-2010-4190", "CVE-2010-4191", "CVE-2010-4192", "CVE-2010-4306", "CVE-2011-0555"], "modified": "2018-10-11T21:01:00", "cpe": ["cpe:/a:adobe:shockwave_player:11.5.2.602", "cpe:/a:adobe:shockwave_player:8.0", "cpe:/a:adobe:shockwave_player:10.1.0.11", "cpe:/a:adobe:shockwave_player:10.2.0.022", "cpe:/a:adobe:shockwave_player:8.5.1.100", "cpe:/a:adobe:shockwave_player:2.0", "cpe:/a:adobe:shockwave_player:8.5.1.106", "cpe:/a:adobe:shockwave_player:8.0.205", "cpe:/a:adobe:shockwave_player:11.5.0.596", "cpe:/a:adobe:shockwave_player:10.2.0.023", "cpe:/a:adobe:shockwave_player:8.5.321", "cpe:/a:adobe:shockwave_player:9.0.432", "cpe:/a:adobe:shockwave_player:11.5.7.609", "cpe:/a:adobe:shockwave_player:10.1.1.016", "cpe:/a:adobe:shockwave_player:8.5.323", "cpe:/a:adobe:shockwave_player:6.0", "cpe:/a:adobe:shockwave_player:8.0.204", "cpe:/a:adobe:shockwave_player:8.5.325", "cpe:/a:adobe:shockwave_player:11.5.9.615", "cpe:/a:adobe:shockwave_player:10.0.0.210", "cpe:/a:adobe:shockwave_player:10.1.0.011", "cpe:/a:adobe:shockwave_player:10.0.1.004", "cpe:/a:adobe:shockwave_player:11.5.1.601", "cpe:/a:adobe:shockwave_player:8.5.1.105", "cpe:/a:adobe:shockwave_player:9.0.383", "cpe:/a:adobe:shockwave_player:11.5.0.595", "cpe:/a:adobe:shockwave_player:11.0.0.456", "cpe:/a:adobe:shockwave_player:4.0", "cpe:/a:adobe:shockwave_player:11.5.6.606", "cpe:/a:adobe:shockwave_player:8.5.1", "cpe:/a:adobe:shockwave_player:1.0", "cpe:/a:adobe:shockwave_player:8.5.324", "cpe:/a:adobe:shockwave_player:8.0.196a", "cpe:/a:adobe:shockwave_player:8.0.196", "cpe:/a:adobe:shockwave_player:3.0", "cpe:/a:adobe:shockwave_player:11.0.3.471", 
"cpe:/a:adobe:shockwave_player:9", "cpe:/a:adobe:shockwave_player:10.2.0.021", "cpe:/a:adobe:shockwave_player:11.5.8.612", "cpe:/a:adobe:shockwave_player:5.0", "cpe:/a:adobe:shockwave_player:10.1.4.020", "cpe:/a:adobe:shockwave_player:8.5.1.103"], "id": "CVE-2010-4190", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4190", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.615:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:44:01", "description": "Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4192, and CVE-2010-4306.", "cvss3": {}, "published": "2011-02-10T16:00:00", "type": "cve", "title": "CVE-2010-4191", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4093", "CVE-2010-4187", "CVE-2010-4190", "CVE-2010-4191", "CVE-2010-4192", 
"CVE-2010-4306", "CVE-2011-0555"], "modified": "2011-02-17T05:00:00", "cpe": ["cpe:/a:adobe:shockwave_player:11.5.2.602", "cpe:/a:adobe:shockwave_player:8.0", "cpe:/a:adobe:shockwave_player:10.1.0.11", "cpe:/a:adobe:shockwave_player:10.2.0.022", "cpe:/a:adobe:shockwave_player:8.5.1.100", "cpe:/a:adobe:shockwave_player:2.0", "cpe:/a:adobe:shockwave_player:8.0.205", "cpe:/a:adobe:shockwave_player:8.5.1.106", "cpe:/a:adobe:shockwave_player:11.5.0.596", "cpe:/a:adobe:shockwave_player:10.2.0.023", "cpe:/a:adobe:shockwave_player:9.0.432", "cpe:/a:adobe:shockwave_player:8.5.321", "cpe:/a:adobe:shockwave_player:11.5.7.609", "cpe:/a:adobe:shockwave_player:10.1.1.016", "cpe:/a:adobe:shockwave_player:8.5.323", "cpe:/a:adobe:shockwave_player:6.0", "cpe:/a:adobe:shockwave_player:8.0.204", "cpe:/a:adobe:shockwave_player:8.5.325", "cpe:/a:adobe:shockwave_player:11.5.9.615", "cpe:/a:adobe:shockwave_player:10.0.0.210", "cpe:/a:adobe:shockwave_player:10.1.0.011", "cpe:/a:adobe:shockwave_player:10.0.1.004", "cpe:/a:adobe:shockwave_player:11.5.1.601", "cpe:/a:adobe:shockwave_player:8.5.1.105", "cpe:/a:adobe:shockwave_player:9.0.383", "cpe:/a:adobe:shockwave_player:11.5.0.595", "cpe:/a:adobe:shockwave_player:11.0.0.456", "cpe:/a:adobe:shockwave_player:4.0", "cpe:/a:adobe:shockwave_player:11.5.6.606", "cpe:/a:adobe:shockwave_player:8.5.1", "cpe:/a:adobe:shockwave_player:1.0", "cpe:/a:adobe:shockwave_player:8.0.196a", "cpe:/a:adobe:shockwave_player:8.0.196", "cpe:/a:adobe:shockwave_player:8.5.324", "cpe:/a:adobe:shockwave_player:3.0", "cpe:/a:adobe:shockwave_player:9", "cpe:/a:adobe:shockwave_player:11.0.3.471", "cpe:/a:adobe:shockwave_player:10.2.0.021", "cpe:/a:adobe:shockwave_player:11.5.8.612", "cpe:/a:adobe:shockwave_player:5.0", "cpe:/a:adobe:shockwave_player:10.1.4.020", "cpe:/a:adobe:shockwave_player:8.5.1.103"], "id": "CVE-2010-4191", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4191", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": 
["cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.615:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:44:02", "description": "Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted 3D Assets 0xFFFFFF88 type record that triggers an incorrect memory allocation, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, and CVE-2010-4306.", "cvss3": {}, "published": "2011-02-10T16:00:00", "type": "cve", "title": "CVE-2010-4192", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4093", "CVE-2010-4187", "CVE-2010-4190", "CVE-2010-4191", "CVE-2010-4192", "CVE-2010-4306", "CVE-2011-0555"], "modified": "2018-10-10T20:07:00", "cpe": ["cpe:/a:adobe:shockwave_player:11.5.2.602", "cpe:/a:adobe:shockwave_player:8.0", "cpe:/a:adobe:shockwave_player:10.1.0.11", "cpe:/a:adobe:shockwave_player:10.2.0.022", "cpe:/a:adobe:shockwave_player:8.5.1.100", "cpe:/a:adobe:shockwave_player:2.0", "cpe:/a:adobe:shockwave_player:8.0.205", 
"cpe:/a:adobe:shockwave_player:8.5.1.106", "cpe:/a:adobe:shockwave_player:11.5.0.596", "cpe:/a:adobe:shockwave_player:8.5.321", "cpe:/a:adobe:shockwave_player:9.0.432", "cpe:/a:adobe:shockwave_player:10.2.0.023", "cpe:/a:adobe:shockwave_player:11.5.7.609", "cpe:/a:adobe:shockwave_player:10.1.1.016", "cpe:/a:adobe:shockwave_player:8.5.323", "cpe:/a:adobe:shockwave_player:6.0", "cpe:/a:adobe:shockwave_player:8.0.204", "cpe:/a:adobe:shockwave_player:8.5.325", "cpe:/a:adobe:shockwave_player:11.5.9.615", "cpe:/a:adobe:shockwave_player:10.0.0.210", "cpe:/a:adobe:shockwave_player:10.1.0.011", "cpe:/a:adobe:shockwave_player:10.0.1.004", "cpe:/a:adobe:shockwave_player:11.5.1.601", "cpe:/a:adobe:shockwave_player:8.5.1.105", "cpe:/a:adobe:shockwave_player:9.0.383", "cpe:/a:adobe:shockwave_player:11.5.0.595", "cpe:/a:adobe:shockwave_player:11.0.0.456", "cpe:/a:adobe:shockwave_player:4.0", "cpe:/a:adobe:shockwave_player:11.5.6.606", "cpe:/a:adobe:shockwave_player:8.5.1", "cpe:/a:adobe:shockwave_player:1.0", "cpe:/a:adobe:shockwave_player:8.0.196a", "cpe:/a:adobe:shockwave_player:8.0.196", "cpe:/a:adobe:shockwave_player:8.5.324", "cpe:/a:adobe:shockwave_player:3.0", "cpe:/a:adobe:shockwave_player:11.0.3.471", "cpe:/a:adobe:shockwave_player:9", "cpe:/a:adobe:shockwave_player:10.2.0.021", "cpe:/a:adobe:shockwave_player:11.5.8.612", "cpe:/a:adobe:shockwave_player:5.0", "cpe:/a:adobe:shockwave_player:10.1.4.020", "cpe:/a:adobe:shockwave_player:8.5.1.103"], "id": "CVE-2010-4192", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4192", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.615:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:38:55", "description": "The TextXtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a Director file with a crafted DEMX RIFF chunk that triggers incorrect buffer allocation, a different vulnerability than CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306.", "cvss3": {}, "published": "2011-02-10T16:00:00", "type": "cve", "title": "CVE-2011-0555", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4093", "CVE-2010-4187", "CVE-2010-4190", "CVE-2010-4191", "CVE-2010-4192", "CVE-2010-4306", "CVE-2011-0555"], "modified": "2018-10-09T19:29:00", "cpe": ["cpe:/a:adobe:shockwave_player:10.2.0.023", "cpe:/a:adobe:shockwave_player:10.0.0.210", "cpe:/a:adobe:shockwave_player:8.0.196", "cpe:/a:adobe:shockwave_player:8.5.325", "cpe:/a:adobe:shockwave_player:9.0.383", "cpe:/a:adobe:shockwave_player:11.0.3.471", "cpe:/a:adobe:shockwave_player:10.1.4.020", "cpe:/a:adobe:shockwave_player:11.5.2.602", "cpe:/a:adobe:shockwave_player:10.2.0.021", "cpe:/a:adobe:shockwave_player:8.0.196a", "cpe:/a:adobe:shockwave_player:10.1.0.11", "cpe:/a:adobe:shockwave_player:8.0", "cpe:/a:adobe:shockwave_player:8.5.1.103", "cpe:/a:adobe:shockwave_player:8.5.1.106", "cpe:/a:adobe:shockwave_player:8.5.1.105", 
"cpe:/a:adobe:shockwave_player:11.5.6.606", "cpe:/a:adobe:shockwave_player:11.0.0.456", "cpe:/a:adobe:shockwave_player:6.0", "cpe:/a:adobe:shockwave_player:8.5.321", "cpe:/a:adobe:shockwave_player:8.5.324", "cpe:/a:adobe:shockwave_player:4.0", "cpe:/a:adobe:shockwave_player:8.5.323", "cpe:/a:adobe:shockwave_player:11.5.9.615", "cpe:/a:adobe:shockwave_player:11.5.0.595", "cpe:/a:adobe:shockwave_player:11.5.7.609", "cpe:/a:adobe:shockwave_player:5.0", "cpe:/a:adobe:shockwave_player:8.0.205", "cpe:/a:adobe:shockwave_player:10.0.1.004", "cpe:/a:adobe:shockwave_player:11.5.1.601", "cpe:/a:adobe:shockwave_player:9.0.432", "cpe:/a:adobe:shockwave_player:8.5.1.100", "cpe:/a:adobe:shockwave_player:11.5.8.612", "cpe:/a:adobe:shockwave_player:9", "cpe:/a:adobe:shockwave_player:8.5.1", "cpe:/a:adobe:shockwave_player:2.0", "cpe:/a:adobe:shockwave_player:10.1.0.011", "cpe:/a:adobe:shockwave_player:10.2.0.022", "cpe:/a:adobe:shockwave_player:3.0", "cpe:/a:adobe:shockwave_player:1.0", "cpe:/a:adobe:shockwave_player:8.0.204", "cpe:/a:adobe:shockwave_player:11.5.0.596", "cpe:/a:adobe:shockwave_player:10.1.1.016"], "id": "CVE-2011-0555", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0555", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.9.615:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-08-19T13:01:34", "description": "The remote Windows host contains a version of Adobe's Shockwave Player that is earlier than 11.5.9.620. 
Such versions are potentially affected by the following issues :\n\n - Several unspecified errors exist in the 'dirapi.dll' module that may allow arbitrary code execution. (CVE-2010-2587, CVE-2010-2588, CVE-2010-4188)\n\n - An error exists in the 'dirapi.dll' module related to an integer overflow that may allow arbitrary code execution. (CVE-2010-2589)\n\n - It is reported that a use-after-free error exists in an unspecified compatibility component related to the 'Settings' window and an unloaded, unspecified library. This error is reported to allow arbitrary code execution when a crafted, malicious website is visited. (CVE-2010-4092)\n\n - Unspecified errors exist that may allow arbitrary code execution or memory corruption. The attack vectors are unspecified. (CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, CVE-2010-4306, CVE-2011-0555)\n\n - An input validation error exists in the 'IML32' module that may allow arbitrary code execution when processing the global color table size of a GIF image contained in a Director movie. (CVE-2010-4189)\n\n - An unspecified input validation error exists that may allow arbitrary code execution through unspecified vectors. (CVE-2010-4193)\n\n - An unspecified input validation error exists in the 'dirapi.dll' module that may allow arbitrary code execution through unspecified vectors. (CVE-2010-4194)\n\n - An integer overflow error exists in the '3D Assets' module when parsing 3D assets containing the record type '0xFFFFFF45'. This error may allow arbitrary code execution. (CVE-2010-4196)\n\n - An input validation error exists in the 'DEMUX' chunks parsing portion of the 'TextXtra.x32' module. This error may allow arbitrary code execution. (CVE-2010-4195)\n\n - An unspecified buffer overflow error exists that may allow arbitrary code execution through unspecified vectors. (CVE-2010-4307)\n\n - An error exists in the 'PFR1' chunks parsing portion of the 'Font Xtra.x32' module. 
This error may allow arbitrary code execution. (CVE-2011-0556)\n\n - An unspecified integer overflow error exists that may allow arbitrary code execution through unspecified vectors.(CVE-2011-0557)\n\n - An error exists in the 'Font Xtra.x32' module related to signedness that may allow arbitrary code execution.\n (CVE-2011-0569)", "cvss3": {"score": null, "vector": null}, "published": "2011-02-10T00:00:00", "type": "nessus", "title": "Shockwave Player < 11.5.9.620 (APSB11-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2587", "CVE-2010-2588", "CVE-2010-2589", "CVE-2010-4092", "CVE-2010-4093", "CVE-2010-4187", "CVE-2010-4188", "CVE-2010-4189", "CVE-2010-4190", "CVE-2010-4191", "CVE-2010-4192", "CVE-2010-4193", "CVE-2010-4194", "CVE-2010-4195", "CVE-2010-4196", "CVE-2010-4306", "CVE-2010-4307", "CVE-2011-0555", "CVE-2011-0556", "CVE-2011-0557", "CVE-2011-0569"], "modified": "2018-07-27T00:00:00", "cpe": ["cpe:/a:adobe:shockwave_player"], "id": "SHOCKWAVE_PLAYER_APSB11-01.NASL", "href": "https://www.tenable.com/plugins/nessus/51936", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51936);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\n \"CVE-2010-2587\", \"CVE-2010-2588\", \"CVE-2010-2589\", \"CVE-2010-4092\", \n \"CVE-2010-4093\", \"CVE-2010-4187\", \"CVE-2010-4188\", \"CVE-2010-4189\",\n \"CVE-2010-4190\", \"CVE-2010-4191\", \"CVE-2010-4192\", \"CVE-2010-4193\",\n \"CVE-2010-4194\", \"CVE-2010-4195\", \"CVE-2010-4196\", \"CVE-2010-4306\",\n \"CVE-2010-4307\", \"CVE-2011-0555\", \"CVE-2011-0556\", \"CVE-2011-0557\",\n \"CVE-2011-0569\");\n script_bugtraq_id(\n 44617, \n 46316,\n 46317,\n 46318,\n 46319,\n 46320,\n 46321,\n 46324,\n 46325,\n 46326,\n 46327,\n 46328,\n 46329,\n 46330,\n 46332,\n 46333,\n 46334,\n 46335,\n 46336,\n 46338,\n 46339\n );\n script_xref(name:\"Secunia\", value:\"42112\");\n\n 
script_name(english:\"Shockwave Player < 11.5.9.620 (APSB11-01)\");\n script_summary(english:\"Checks version of Shockwave Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe's Shockwave\nPlayer that is earlier than 11.5.9.620. Such versions are potentially\naffected by the following issues :\n\n - Several unspecified errors exist in the 'dirapi.dll' \n module that may allow arbitrary code execution. \n (CVE-2010-2587, CVE-2010-2588, CVE-2010-4188)\n\n - An error exists in the 'dirapi.dll' module related to \n an integer overflow and that may allow arbitrary code\n execution. (CVE-2010-2589)\n\n - It is reported that a use-after-free error exists in an\n unspecified compatibility component related to the \n 'Settings' window and an unloaded, unspecified library. \n This error is reported to allow arbitrary code execution \n when a crafted, malicious website is visited. \n (CVE-2010-4092)\n\n - Unspecified errors exist that may allow arbitrary \n code execution or memory corruption. The attack vectors\n is unspecified. (CVE-2010-4093, CVE-2010-4187, \n CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, \n CVE-2010-4306, CVE-2011-0555)\n\n - An input validation error exists in the 'IML32' module\n that may allow arbitrary code execution when processing \n global color table size of a GIF image contained in a \n Director movie. (CVE-2010-4189)\n\n - An unspecified input validation error exists that may\n allow arbitrary code execution through unspecified\n vectors. (CVE-2010-4193)\n\n - An unspecified input validation error exists in the \n 'dirapi.dll' module that may allow arbitrary code \n execution through unspecified vectors. 
(CVE-2010-4194)\n\n - An integer overflow error exists in the '3D Assets'\n module when parsing 3D assets containing the record\n type '0xFFFFFF45'. This error may allow arbitrary code\n execution. (CVE-2010-4196)\n\n - An input validation error exists in the 'DEMUX' chunks \n parsing portion of the 'TextXtra.x32' module. This\n error may allow arbitrary code execution. \n (CVE-2010-4195)\n\n - An unspecified buffer overflow error exists that may\n allow arbitrary code execution through unspecified\n vectors. (CVE-2010-4307)\n\n - An error exists in the 'PFR1' chunks parsing portion\n of the 'Font Xtra.x32' module. This error may allow\n arbitrary code execution. (CVE-2011-0556)\n\n - An unspecified integer overflow error exists that may\n allow arbitrary code execution through unspecified\n vectors.(CVE-2011-0557)\n\n - An error exists in the 'Font Xtra.x32' module related\n to signedness that may allow arbitrary code execution.\n (CVE-2011-0569)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-078/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-079/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-080/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-01.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Shockwave 11.5.9.620 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2011/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_apsb09_08.nasl\");\n script_require_keys(\"SMB/shockwave_player\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_func.inc\");\n\nport = kb_smb_transport();\ninstalls = get_kb_list('SMB/shockwave_player/*/path');\nif (isnull(installs)) exit(0, 'Shockwave Player was not detected on the remote host.');\n\ninfo = NULL;\npattern = 'SMB/shockwave_player/([^/]+)/([^/]+)/path';\n\nforeach install (keys(installs))\n{\n match = eregmatch(string:install, pattern:pattern);\n if (!match) exit(1, 'Unexpected format of KB key \"' + install + '\".');\n\n file = installs[install];\n variant = match[1];\n version = match[2];\n\n if (ver_compare(ver:version, fix:'11.5.9.620') == -1)\n {\n if (variant == 'Plugin')\n info += '\\n - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n else if (variant == 'ActiveX')\n info += '\\n - ActiveX control (for Internet Explorer) :\\n';\n info += ' ' + file + ', ' + version + '\\n';\n }\n}\n\nif (!info) exit(0, 'No vulnerable installs of Shockwave Player were found.');\n\nif (report_verbosity > 0)\n{\n if (max_index(split(info)) > 2) s = \"s\";\n else s = \"\";\n\n report = \n '\\nNessus has identified the following vulnerable instance'+s+' of Shockwave'+\n '\\nPlayer installed on the remote host :\\n'+\n info;\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-16T14:13:27", 
"description": "The remote Mac OS X host contains a version of Adobe Shockwave Player that is 11.5.9.615 or earlier. It is, therefore, affected by multiple vulnerabilities :\n\n - Several unspecified errors exist in the 'dirapi.dll' module that allow arbitrary code execution.\n (CVE-2010-2587, CVE-2010-2588, CVE-2010-4188)\n\n - An error exists in the 'dirapi.dll' module related to an integer overflow that allows arbitrary code execution. (CVE-2010-2589)\n\n - It is reported that a use-after-free error exists in an unspecified compatibility component related to the 'Settings' window and an unloaded, unspecified library.\n This error is reported to allow arbitrary code execution when a crafted, malicious website is visited.\n (CVE-2010-4092)\n\n - Unspecified errors exist that allow arbitrary code execution or memory corruption. The attack vectors is unspecified. (CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, CVE-2010-4306, CVE-2011-0555)\n\n - An input validation error exists in the 'IML32' module that allows arbitrary code execution when processing the global color table size of a GIF image contained in a Director movie. (CVE-2010-4189)\n\n - An unspecified input validation error exists that allows arbitrary code execution through unspecified vectors.\n (CVE-2010-4193)\n\n - An unspecified input validation error exists in the 'dirapi.dll' module that allows arbitrary code execution through unspecified vectors. (CVE-2010-4194)\n\n - An integer overflow error exists in the '3D Assets' module when parsing 3D assets containing the record type '0xFFFFFF45'. This error allows arbitrary code execution. (CVE-2010-4196)\n\n - An input validation error exists in the 'DEMUX' chunks parsing portion of the 'TextXtra.x32' module. This error allows arbitrary code execution. 
(CVE-2010-4195)\n\n - An unspecified buffer overflow error exists that allows arbitrary code execution through unspecified vectors.\n (CVE-2010-4307)\n\n - An error exists in the 'PFR1' chunks parsing portion of the 'Font Xtra.x32' module. This error allows arbitrary code execution. (CVE-2011-0556)\n\n - An unspecified integer overflow error exists that allows arbitrary code execution through unspecified vectors (CVE-2011-0557)\n\n - An error exists in the 'Font Xtra.x32' module related to signedness that allows arbitrary code execution.\n (CVE-2011-0569)", "cvss3": {"score": null, "vector": null}, "published": "2014-12-22T00:00:00", "type": "nessus", "title": "Adobe Shockwave Player <= 11.5.9.615 (APSB11-01) (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2587", "CVE-2010-2588", "CVE-2010-2589", "CVE-2010-4092", "CVE-2010-4093", "CVE-2010-4187", "CVE-2010-4188", "CVE-2010-4189", "CVE-2010-4190", "CVE-2010-4191", "CVE-2010-4192", "CVE-2010-4193", "CVE-2010-4194", "CVE-2010-4195", "CVE-2010-4196", "CVE-2010-4306", "CVE-2010-4307", "CVE-2011-0555", "CVE-2011-0556", "CVE-2011-0557", "CVE-2011-0569"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:shockwave_player"], "id": "MACOSX_SHOCKWAVE_PLAYER_APSB11-01.NASL", "href": "https://www.tenable.com/plugins/nessus/80175", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80175);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2010-2587\",\n \"CVE-2010-2588\",\n \"CVE-2010-2589\",\n \"CVE-2010-4092\",\n \"CVE-2010-4093\",\n \"CVE-2010-4187\",\n \"CVE-2010-4188\",\n \"CVE-2010-4189\",\n \"CVE-2010-4190\",\n \"CVE-2010-4191\",\n \"CVE-2010-4192\",\n \"CVE-2010-4193\",\n \"CVE-2010-4194\",\n \"CVE-2010-4195\",\n \"CVE-2010-4196\",\n \"CVE-2010-4306\",\n 
\"CVE-2010-4307\",\n \"CVE-2011-0555\",\n \"CVE-2011-0556\",\n \"CVE-2011-0557\",\n \"CVE-2011-0569\"\n );\n script_bugtraq_id(\n 44617,\n 46316,\n 46317,\n 46318,\n 46319,\n 46320,\n 46321,\n 46324,\n 46325,\n 46326,\n 46327,\n 46328,\n 46329,\n 46330,\n 46332,\n 46333,\n 46334,\n 46335,\n 46336,\n 46338,\n 46339\n );\n script_xref(name:\"SECUNIA\", value:\"42112\");\n\n script_name(english:\"Adobe Shockwave Player <= 11.5.9.615 (APSB11-01) (Mac OS X)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.5.9.615 or earlier. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Several unspecified errors exist in the 'dirapi.dll'\n module that allow arbitrary code execution.\n (CVE-2010-2587, CVE-2010-2588, CVE-2010-4188)\n\n - An error exists in the 'dirapi.dll' module related to\n an integer overflow that allows arbitrary code\n execution. (CVE-2010-2589)\n\n - It is reported that a use-after-free error exists in an\n unspecified compatibility component related to the\n 'Settings' window and an unloaded, unspecified library.\n This error is reported to allow arbitrary code execution\n when a crafted, malicious website is visited.\n (CVE-2010-4092)\n\n - Unspecified errors exist that allow arbitrary code\n execution or memory corruption. The attack vectors is\n unspecified. (CVE-2010-4093, CVE-2010-4187,\n CVE-2010-4190, CVE-2010-4191, CVE-2010-4192,\n CVE-2010-4306, CVE-2011-0555)\n\n - An input validation error exists in the 'IML32' module\n that allows arbitrary code execution when processing the\n global color table size of a GIF image contained in a\n Director movie. 
(CVE-2010-4189)\n\n - An unspecified input validation error exists that allows\n arbitrary code execution through unspecified vectors.\n (CVE-2010-4193)\n\n - An unspecified input validation error exists in the\n 'dirapi.dll' module that allows arbitrary code execution\n through unspecified vectors. (CVE-2010-4194)\n\n - An integer overflow error exists in the '3D Assets'\n module when parsing 3D assets containing the record\n type '0xFFFFFF45'. This error allows arbitrary code\n execution. (CVE-2010-4196)\n\n - An input validation error exists in the 'DEMUX' chunks\n parsing portion of the 'TextXtra.x32' module. This\n error allows arbitrary code execution. (CVE-2010-4195)\n\n - An unspecified buffer overflow error exists that allows\n arbitrary code execution through unspecified vectors.\n (CVE-2010-4307)\n\n - An error exists in the 'PFR1' chunks parsing portion\n of the 'Font Xtra.x32' module. This error allows\n arbitrary code execution. (CVE-2011-0556)\n\n - An unspecified integer overflow error exists that allows\n arbitrary code execution through unspecified vectors\n (CVE-2011-0557)\n\n - An error exists in the 'Font Xtra.x32' module related\n to signedness that allows arbitrary code execution.\n (CVE-2011-0569)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-078/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-079/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-080/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-01.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Shockwave 11.5.9.620 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-0569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"shockwave_player_detect_macosx.nbin\");\n script_require_keys(\"installed_sw/Shockwave Player\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp = 'Shockwave Player';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\nif (ver_compare(ver:ver, fix:'11.5.9.615', strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed versions : 11.5.9.620' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(port:0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-02T21:13:34", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2011-02-15T00:00:00", "type": "openvas", "title": "Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4187", "CVE-2011-0555", "CVE-2010-4307", "CVE-2010-4192", "CVE-2010-4093", "CVE-2010-2589", "CVE-2011-0569", "CVE-2011-0556", "CVE-2010-4189", "CVE-2010-4190", "CVE-2010-4195", "CVE-2010-2588", "CVE-2011-0557", "CVE-2010-4196", "CVE-2010-4193", "CVE-2010-2587", "CVE-2010-4188", "CVE-2010-4191", "CVE-2010-4092", "CVE-2010-4194", "CVE-2010-4306"], "modified": "2017-02-25T00:00:00", "id": "OPENVAS:801846", "href": "http://plugins.openvas.org/nasl.php?oid=801846", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_code_exec_vuln_feb11.nasl 5424 2017-02-25 16:52:36Z teissa $\n#\n# Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to execute arbitrary code by\n tricking a user into visiting a specially crafted web page.\n Impact Level: Application.\";\ntag_affected = \"Adobe Shockwave Player Versions prior to 11.5.9.620 on Windows.\";\ntag_insight = \"Multiple flaws are caused by input validation errors, memory corruptions,\n buffer and integer overflows, and use-after-free errors in the DIRAPI, IML32,\n TextXtra, 3d Asset, and Xtra.x32 modules when processing malformed Shockwave\n or Director files.\";\ntag_solution = \"Upgrade to Adobe Shockwave Player version 11.5.9.620 or later,\n For updates refer to http://get.adobe.com/shockwave/otherversions/\";\ntag_summary = \"This host is installed with Adobe Shockwave Player and is prone\n to multiple remote code execution vulnerabilities.\";\n\nif(description)\n{\n script_id(801846);\n script_version(\"$Revision: 5424 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-15 08:14:35 +0100 (Tue, 15 Feb 2011)\");\n script_cve_id(\"CVE-2010-2587\", \"CVE-2010-2588\", \"CVE-2010-2589\",\n \"CVE-2010-4092\", \"CVE-2010-4093\", \"CVE-2010-4187\",\n \"CVE-2010-4188\", \"CVE-2010-4189\", \"CVE-2010-4190\",\n \"CVE-2010-4191\", \"CVE-2010-4192\", \"CVE-2010-4193\",\n \"CVE-2010-4194\", \"CVE-2010-4195\", \"CVE-2010-4196\",\n \"CVE-2010-4306\", \"CVE-2010-4307\", \"CVE-2011-0555\",\n \"CVE-2011-0556\", \"CVE-2011-0557\", \"CVE-2011-0569\");\n script_bugtraq_id(46146);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2011/0335\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb11-01.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_require_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nshockVer = get_kb_item(\"Adobe/ShockwavePlayer/Ver\");\nif(!shockVer){\n exit(0);\n}\n\n## Check for Adobe Shockwave Player versions prior to 11.5.9.620\nif(version_is_less(version:shockVer, test_version:\"11.5.9.620\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-27T19:22:34", "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2011-02-15T00:00:00", "type": "openvas", "title": "Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4187", "CVE-2011-0555", "CVE-2010-4307", "CVE-2010-4192", "CVE-2010-4093", "CVE-2010-2589", "CVE-2011-0569", "CVE-2011-0556", "CVE-2010-4189", "CVE-2010-4190", "CVE-2010-4195", "CVE-2010-2588", "CVE-2011-0557", 
"CVE-2010-4196", "CVE-2010-4193", "CVE-2010-2587", "CVE-2010-4188", "CVE-2010-4191", "CVE-2010-4092", "CVE-2010-4194", "CVE-2010-4306"], "modified": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310801846", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801846", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801846\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-02-15 08:14:35 +0100 (Tue, 15 Feb 2011)\");\n script_cve_id(\"CVE-2010-2587\", \"CVE-2010-2588\", \"CVE-2010-2589\",\n \"CVE-2010-4092\", \"CVE-2010-4093\", \"CVE-2010-4187\",\n \"CVE-2010-4188\", \"CVE-2010-4189\", \"CVE-2010-4190\",\n \"CVE-2010-4191\", \"CVE-2010-4192\", \"CVE-2010-4193\",\n \"CVE-2010-4194\", \"CVE-2010-4195\", \"CVE-2010-4196\",\n \"CVE-2010-4306\", \"CVE-2010-4307\", \"CVE-2011-0555\",\n \"CVE-2011-0556\", \"CVE-2011-0557\", \"CVE-2011-0569\");\n script_bugtraq_id(46146);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2011/0335\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-01.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_mandatory_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to execute arbitrary code by\n tricking a user into visiting a 
specially crafted web page.\");\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player Versions prior to 11.5.9.620 on Windows.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are caused by input validation errors, memory corruptions,\n buffer and integer overflows, and use-after-free errors in the DIRAPI, IML32,\n TextXtra, 3d Asset, and Xtra.x32 modules when processing malformed Shockwave\n or Director files.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player version 11.5.9.620 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave Player and is prone\n to multiple remote code execution vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://get.adobe.com/shockwave/otherversions/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nshockVer = get_kb_item(\"Adobe/ShockwavePlayer/Ver\");\nif(!shockVer){\n exit(0);\n}\n\nif(version_is_less(version:shockVer, test_version:\"11.5.9.620\")){\n report = report_fixed_ver(installed_version:shockVer, fixed_version:\"11.5.9.620\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:38", "description": "Security update available for Shockwave Player\r\n\r\nRelease date: February 8, 2011\r\n\r\nVulnerability identifier: APSB11-01\r\n\r\nCVE number: CVE-2010-2587, CVE-2010-2588, CVE-2010-2589, CVE-2010-4092,\r\nCVE-2010-4093, CVE-2010-4187, CVE-2010-4188, CVE-2010-4189, CVE-2010-4190,\r\nCVE-2010-4191, CVE-2010-4192, CVE-2010-4193, CVE-2010-4194, CVE-2010-4195,\r\nCVE-2010-4196, CVE-2010-4306, CVE-2010-4307, CVE-2011-0555, CVE-2011-0556,\r\nCVE-2011-0557, CVE-2011-0569\r\n\r\nPlatform: Windows and Macintosh\r\nSummary\r\n\r\nCritical vulnerabilities have been identified in Adobe Shockwave Player 11.5.9.615 and earlier\r\nversions on the Windows and 
Macintosh operating systems. These vulnerabilities could allow an\r\nattacker, who successfully exploits these vulnerabilities, to run malicious code on the affected\r\nsystem. Adobe recommends users of Adobe Shockwave Player 11.5.9.615 and earlier versions\r\nupdate to Adobe Shockwave Player 11.5.9.620 using the instructions provided below.\r\nAffected software versions\r\n\r\nShockwave Player 11.5.9.615 and earlier versions for Windows and Macintosh\r\nSolution\r\n\r\nAdobe recommends users of Adobe Shockwave Player 11.5.9.615 and earlier versions upgrade to\r\nthe newest version 11.5.9.620, available here: http://get.adobe.com/shockwave/.\r\nSeverity rating\r\n\r\nAdobe categorizes this as a critical update and recommends that users apply the latest update for\r\ntheir product installation by following the instructions in the \"Solution\" section above.\r\nDetails\r\n\r\nCritical vulnerabilities have been identified in Adobe Shockwave Player 11.5.9.615 and earlier\r\nversions on the Windows and Macintosh operating systems. These vulnerabilities could allow an\r\nattacker, who successfully exploits these vulnerabilities, to run malicious code on the affected\r\nsystem. 
Adobe recommends users of Adobe Shockwave Player 11.5.9.615 and earlier versions\r\nupdate to Adobe Shockwave Player 11.5.9.620 using the instructions provided above.\r\n\r\nThis update resolves a memory corruption vulnerability in the dirapi.dll module that could lead\r\nto code execution (CVE-2010-2587).\r\n\r\nThis update resolves a memory corruption vulnerability in the dirapi.dll module that could lead\r\nto code execution (CVE-2010-2588).\r\n\r\nThis update resolves an integer overflow vulnerability in the dirapi.dll module that could lead to\r\ncode execution (CVE-2010-2589).\r\n\r\nThis update resolves a use-after-free vulnerability that could lead to code execution\r\n(CVE-2010-4092).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution\r\n(CVE-2010-4093).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution\r\n(CVE-2010-4187).\r\n\r\nThis update resolves a memory corruption vulnerability in the dirapi.dll module that could lead\r\nto code execution (CVE-2010-4188).\r\n\r\nThis update resolves a memory corruption vulnerability in the IML32 module that could lead to\r\ncode execution (CVE-2010-4189).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution\r\n(CVE-2010-4190).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution\r\n(CVE-2010-4191).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution\r\n(CVE-2010-4192).\r\n\r\nThis update resolves an input validation vulnerability that could lead to code execution\r\n(CVE-2010-4193).\r\n\r\nThis update resolves an input validation vulnerability in the dirapi.dll module that could lead to\r\ncode execution (CVE-2010-4194).\r\n\r\nThis update resolves an input validation vulnerability in the TextXtra module that could lead to\r\ncode execution (CVE-2010-4195).\r\n\r\nThis update resolves an input 
validation vulnerability in the Shockwave 3d Asset module that could\r\nlead to code execution (CVE-2010-4196).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution\r\n(CVE-2010-4306).\r\n\r\nThis update resolves a buffer overflow vulnerability that could lead to code execution\r\n(CVE-2010-4307).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution\r\n(CVE-2011-0555).\r\n\r\nThis update resolves a memory corruption vulnerability in the Font Xtra.x32 module that could\r\nlead to code execution (CVE-2011-0556).\r\n\r\nThis update resolves an integer overflow vulnerability that could lead to code execution\r\n(CVE-2011-0557).\r\n\r\nThis update resolves a memory corruption vulnerability in the Font Xtra.x32 module that could\r\nlead to code execution (CVE-2011-0569).\r\nAcknowledgments\r\n\r\nAdobe would like to thank the following individuals and organizations for reporting the relevant\r\nissues and for working with Adobe to help protect our customers:\r\n\u2022 Carsten Eiram, Secunia Research (CVE-2010-2587, CVE-2010-2588, CVE-2010-2589).\r\n\u2022 Krystian Kloskowski (h07), working with Secunia Research (CVE-2010-4092).\r\n\u2022 Will Dormann of CERT/CC (CVE-2010-4093, CVE-2010-4193, CVE-2010-4194,\r\nCVE-2010-4195, CVE-2010-4196).\r\n\u2022 Andrzej Dyjak of iDefense Labs (CVE-2010-4187).\r\n\u2022 Aaron Portnoy and Logan Brown, TippingPoint DVLabs (CVE-2010-4188).\r\n\u2022 Logan Brown and Aaron Portnoy, TippingPoint DVLabs(CVE-2011-0555,\r\nCVE-2011-0556).\r\n\u2022 Aaron Portnoy and Logan Brown, TippingPoint DVLabs (CVE-2010-4189).\r\n\u2022 Aniway and Luigi Auriemma through TippingPoint's Zero Day Initiative\r\n(CVE-2010-4190).\r\n\u2022 An anonymous reporter through TippingPoint's Zero Day Initiative (CVE-2010-4191).\r\n\u2022 Aniway through TippingPoint's Zero Day Initiative (CVE-2010-4192).\r\n\u2022 IBM X-Force (CVE-2010-4306, CVE-2010-4307).\r\n\u2022 An anonymous 
reporter through TippingPoint's Zero Day Initiative (CVE-2011-0557).\r\n\u2022 Logan Brown and Aaron Portnoy, TippingPoint DVLabs and Luigi Auriemma through TippingPoint's Zero\r\nDay Initiative (CVE-2011-0569). ", "edition": 1, "cvss3": {}, "published": "2011-02-11T00:00:00", "title": "Security update available for Shockwave Player", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-4187", "CVE-2011-0555", "CVE-2010-4307", "CVE-2010-4192", "CVE-2010-4093", "CVE-2010-2589", "CVE-2011-0569", "CVE-2011-0556", "CVE-2010-4189", "CVE-2010-4190", "CVE-2010-4195", "CVE-2010-2588", "CVE-2011-0557", "CVE-2010-4196", "CVE-2010-4193", "CVE-2010-2587", "CVE-2010-4188", "CVE-2010-4191", "CVE-2010-4092", "CVE-2010-4194", "CVE-2010-4306"], "modified": "2011-02-11T00:00:00", "id": "SECURITYVULNS:DOC:25658", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25658", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:12:17", "description": "Multiple memory corruptions.", "edition": 2, "cvss3": {}, "published": "2011-02-14T00:00:00", "title": "Adobe Shockwave Player multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-4187", "CVE-2011-0555", "CVE-2010-4307", "CVE-2010-4192", "CVE-2010-4093", "CVE-2010-2589", "CVE-2011-0569", "CVE-2011-0556", "CVE-2010-4189", "CVE-2010-4190", "CVE-2010-4195", "CVE-2010-2588", "CVE-2011-0557", "CVE-2010-4196", "CVE-2010-4193", "CVE-2010-2587", "CVE-2010-4188", "CVE-2010-4191", "CVE-2010-4092", "CVE-2010-4194", "CVE-2010-4306"], "modified": "2011-02-14T00:00:00", "id": "SECURITYVULNS:VULN:11417", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11417", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:38", "bulletinFamily": "software", "cvelist": 
["CVE-2011-0555"], "description": "TPTI-11-02: Adobe Shockwave TextXtra Invalid Seek Remote Code Execution Vulnerability\r\n\r\nhttp://dvlabs.tippingpoint.com/advisory/TPTI-11-02\r\n\r\nFebruary 8, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-0555\r\n\r\n-- CVSS:\r\n9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)\r\n\r\n-- Affected Vendors:\r\nAdobe\r\n\r\n-- Affected Products:\r\nAdobe Shockwave Player\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Adobe Shockwave. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the code responsible for parsing a DEMX\r\nRIFF chunk within Director files. The logic within the TextXtra.x32\r\nmodule fails to account for a specific condition and can be made to\r\nmisallocate a buffer on the heap. By crafting specific values within\r\nDEMX substructures an attacker can corrupt memory leading to arbitrary\r\ncode execution under the context of the user running the browser.\r\n\r\n-- Vendor Response:\r\nAdobe has issued an update to correct this vulnerability. 
More\r\ndetails can be found at:\r\n\r\nhttp://www.adobe.com/support/security/bulletins/apsb11-01.html\r\n\r\n-- Disclosure Timeline:\r\n2010-12-16 - Vulnerability reported to vendor\r\n2011-02-08 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * Logan Brown, TippingPoint DVLabs", "edition": 1, "modified": "2011-02-11T00:00:00", "published": "2011-02-11T00:00:00", "id": "SECURITYVULNS:DOC:25660", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25660", "title": "TPTI-11-02: Adobe Shockwave TextXtra Invalid Seek Remote Code Execution Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:38", "bulletinFamily": "software", "cvelist": ["CVE-2010-4190"], "description": "ZDI-11-080: Adobe Shockwave CSWV Chunk Substructure Offset Value Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-080\r\n\r\nFebruary 8, 2011\r\n\r\n-- CVE ID:\r\nCVE-2010-4190\r\n\r\n-- CVSS:\r\n9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)\r\n\r\n-- Affected Vendors:\r\nAdobe\r\n\r\n-- Affected Products:\r\nAdobe Shockwave Player\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of the Adobe Shockwave Player. User interaction\r\nis required to exploit this vulnerability in that the target must visit\r\na malicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the code responsible for parsing\r\nsubstructures referenced by the CSWV RIFF chunk. An offset is improperly\r\ncalculated from several elements of a substructure. By crafting a\r\ndirector file in a particular way, an attacker can cause the process to\r\nseek out of the bounds of a heap allocation. 
Due to the way the process\r\ncontinues to manipulate memory, an attacker can force reliable\r\ncorruption that can be leveraged to execute arbitrary code under the\r\ncontext of the user running the browser.\r\n\r\n-- Vendor Response:\r\nAdobe has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://www.adobe.com/support/security/bulletins/apsb11-01.html\r\n\r\n-- Disclosure Timeline:\r\n2010-11-29 - Vulnerability reported to vendor\r\n2011-02-08 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * Aniway (Aniway.Anyway@gmail.com)\r\n * Luigi Auriemma\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. 
Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi", "edition": 1, "modified": "2011-02-11T00:00:00", "published": "2011-02-11T00:00:00", "id": "SECURITYVULNS:DOC:25667", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25667", "title": "ZDI-11-080: Adobe Shockwave CSWV Chunk Substructure Offset Value Remote Code Execution Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:38", "description": "ZDI-11-078: Adobe Shockwave Player FFFFFF88 Record Count Element Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-078\r\n\r\nFebruary 8, 2011\r\n\r\n-- CVE ID:\r\nCVE-2010-4192\r\n\r\n-- CVSS:\r\n9, (AV:N/AC:L/Au:N/C:C/I:P/A:P)\r\n\r\n-- Affected Vendors:\r\nAdobe\r\n\r\n-- Affected Products:\r\nAdobe Shockwave Player\r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 10815. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of the Adobe Shockwave Player. User interaction\r\nis required to exploit this vulnerability in that the target must visit\r\na malicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the parsing of 3D assets within a\r\ndirector movie. 
The routine responsible for parsing 3D record type\r\n0xFFFFFF88 does not properly validate multiple fields within the\r\nstructure. If these values are too large, the process can create a\r\nfaulty allocation. Later, when the rendering routine attempts to use\r\nthis buffer memory is corrupted. This can be abused by remote attackers\r\nto execute arbitrary code under the context of the user running the\r\nbrowser.\r\n\r\n-- Vendor Response:\r\nAdobe has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://www.adobe.com/support/security/bulletins/apsb11-01.html\r\n\r\n-- Disclosure Timeline:\r\n2010-11-29 - Vulnerability reported to vendor\r\n2011-02-08 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * Aniway (Aniway.Anyway@gmail.com)\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. 
Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi", "edition": 1, "cvss3": {}, "published": "2011-02-11T00:00:00", "title": "ZDI-11-078: Adobe Shockwave Player FFFFFF88 Record Count Element Remote Code Execution Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-4192"], "modified": "2011-02-11T00:00:00", "id": "SECURITYVULNS:DOC:25665", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25665", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:38", "bulletinFamily": "software", "cvelist": ["CVE-2010-4187"], "description": "iDefense Security Advisory 02.08.11\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nFeb 08, 2011\r\n\r\nI. BACKGROUND\r\n\r\nAdobe Shockwave Player is a popular Web browser plug-in. It is available\r\nfor multiple Web browsers and platforms, including Windows, and MacOS.\r\nShockwave Player enables Web browsers to display rich multimedia\r\ncontent in the form of Shockwave videos. For more information, see the\r\nvendor's site found at the following link:\r\n\r\nhttp://get.adobe.com/shockwave\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a memory corruption vulnerability in Adobe\r\nSystems Inc.'s Shockwave Player could allow an attacker to execute\r\narbitrary code with the privileges of the current user.\r\n\r\nThe vulnerability takes place during the processing of a malicious Adobe\r\nDirector file. 
A malicious user could cause a memory corruption by\r\nincluding malformed data in a chunk. This condition may lead to\r\narbitrary code execution.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation could result in the execution of arbitrary code with the\r\nprivileges of the user viewing the Web page. To exploit this\r\nvulnerability, a targeted user must load a malicious Adobe Director\r\nfile created by an attacker. An attacker typically accomplishes this\r\nvia social engineering or injecting content into a compromised, trusted\r\nsite.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in Shockwave\r\nPlayer version 11.5.8.612 and version 11.5.9.615 (the latest version at\r\nthe time of testing). A full list of vulnerable Adobe products can be\r\nfound in Adobe Security Bulletin APSB11-01.\r\n\r\nV. WORKAROUND\r\n\r\nThe killbit for the Shockwave Player ActiveX control can be set by\r\ncreating the following registry key:\r\n\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX\r\nCompatibility\\{233C1507-6A77-46A4-9443-F871F945D258}\r\n\r\nUnder this key create a new DWORD value called \"Compatibility Flags\" and\r\nset its hexadecimal value to 400.\r\n\r\nTo re-enable Shockwave Player set the \"Compatibility Flags\" value to 0.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nAdobe has addressed this issue with an update. Further details and\r\npatches can be found at the following URL.\r\n\r\nhttp://www.adobe.com/support/security/bulletins/apsb11-01.html\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2010-4187 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n11/03/2010 Initial Vendor Notification\r\n11/03/2010 Initial Vendor Reply\r\n02/08/2011 Coordinated Public Disclosure\r\n\r\nIX. 
CREDIT\r\n\r\nThis vulnerability was reported to iDefense by Andrzej Dyjak.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2011 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.", "edition": 1, "modified": "2011-02-11T00:00:00", "published": "2011-02-11T00:00:00", "id": "SECURITYVULNS:DOC:25664", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25664", "title": "iDefense Security Advisory 02.08.11: Adobe Shockwave Player Memory Corruption Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2022-01-31T20:59:43", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing substructures referenced by the CSWV RIFF chunk. 
An offset is improperly calculated from several elements of a substructure. By crafting a director file in a particular way, an attacker can cause the process to seek out of the bounds of a heap allocation. Due to the way the process continues to manipulate memory, an attacker can force reliable corruption that can be leveraged to execute arbitrary code under the context of the user running the browser.", "cvss3": {}, "published": "2011-02-08T00:00:00", "type": "zdi", "title": "Adobe Shockwave CSWV Chunk Substructure Offset Value Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4190"], "modified": "2011-02-08T00:00:00", "id": "ZDI-11-080", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-080/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:01:03", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3D assets within a director movie. The routine responsible for parsing 3D record type 0xFFFFFF88 does not properly validate multiple fields within the structure. If these values are too large, the process can create a faulty allocation. Later, when the rendering routine attempts to use this buffer memory is corrupted. 
This can be abused by remote attackers to execute arbitrary code under the context of the user running the browser.", "cvss3": {}, "published": "2011-02-08T00:00:00", "type": "zdi", "title": "Adobe Shockwave Player FFFFFF88 Record Count Element Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4192"], "modified": "2011-02-08T00:00:00", "id": "ZDI-11-078", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-078/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T12:36:52", "description": "Adobe Shockwave is a multimedia player that allows users to view interactive web content such as games, business presentations, entertainment, and advertisements from the web browser. It allows Adobe Director applications to be published on the Internet and viewed in a web browser on systems which have the Shockwave plug-in installed. A code execution vulnerability exists in Adobe Shockwave player. The vulnerability is due to an integer overflow error while calculating the size value for heap memory allocation while parsing a FFFFFF88 record. A remote attacker may exploit this vulnerability by enticing target users to open a malicious DIR file using a vulnerable version of the product. 
Successful exploitation of this vulnerability would result in arbitrary code execution in the security context of the logged in user.", "cvss3": {}, "published": "2010-10-04T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Shockwave Player Director File FFFFFF88 Record Integer Overflow (CVE-2010-2876; CVE-2010-4192)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2876", "CVE-2010-4192"], "modified": "2010-10-04T00:00:00", "id": "CPAI-2010-163", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-05T04:16:07", "description": "A code execution vulnerability exists in Adobe Shockwave player. The vulnerability is due to an integer overflow error while calculating the size value for heap memory allocation while parsing a FFFFFF88 record. 
Remote attackers can exploit this vulnerability by enticing target users to open a malicious DIR file using a vulnerable version of the product.", "cvss3": {}, "published": "2011-04-27T00:00:00", "type": "checkpoint_advisories", "title": "Preemptive Protection against Adobe Shockwave Player Director File FFFFFF88 Record Parsing Remote Code Execution Vulnerabilities (APSB11-01)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2876", "CVE-2010-4192"], "modified": "2011-01-01T00:00:00", "id": "CPAI-2011-243", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cert": [{"lastseen": "2021-09-28T17:50:57", "description": "### Overview\n\nAdobe Shockwave Player 11.5.9.615 and earlier versions on the Windows and Macintosh operating systems contain critical vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\nAdobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe Director. Shockwave Player is available as an ActiveX control for Internet Explorer and as a plug-in for other web browsers. \n\nMultiple vulnerabilities have been discovered in Shockwave Player and its Xtra components that can be exploited by an attacker to execute arbitrary code on a user's system. More details are available in Adobe Security Bulletin [APSB11-01](<http://www.adobe.com/support/security/bulletins/apsb11-01.html>). 
\n \n--- \n \n### Impact\n\nBy convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), Microsoft Office document, or any other document that supports embedded Shockwave content, an attacker may be able to execute arbitrary code \n \n--- \n \n### Solution\n\n**Apply an update** \n \nThese issues have been addressed in Adobe Shockwave Player 11.5.9.620. Please see Adobe Security Bulletin [APSB11-01](<http://www.adobe.com/support/security/bulletins/apsb11-01.html>) for more details. \n \n--- \n \n**Limit access to Director files** \n \nRestricting the handling of untrusted Director content may help mitigate this vulnerability. See [Securing Your Web Browser](<http://www.us-cert.gov/reading_room/securing_browser/>) for more information. Consider using the [NoScript ](<http://noscript.net/>)extension to whitelist web sites that can run Shockwave Player in Mozilla browsers such as Firefox. See the NoScript [FAQ ](<http://noscript.net/features#contentblocking>)for more information. 
\n \n**Disable the Shockwave Player ActiveX control in Internet Explorer** \n \nThe Shockwave Player ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSIDs: \n`{166B1BCA-3F9C-11CF-8075-444553540000}` \n`{233C1507-6A77-46A4-9443-F871F945D258}` \n \nAlternatively, the following text can be saved as a .REG file and imported to set the kill bit for this control: \n \n`Windows Registry Editor Version 5.00 \n \n[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\{166B1BCA-3F9C-11CF-8075-444553540000}] \n\"Compatibility Flags\"=dword:00000400 \n[HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\{166B1BCA-3F9C-11CF-8075-444553540000}] \n\"Compatibility Flags\"=dword:00000400 \n \n[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\{233C1507-6A77-46A4-9443-F871F945D258}] \n\"Compatibility Flags\"=dword:00000400 \n[HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\{233C1507-6A77-46A4-9443-F871F945D258}] \n\"Compatibility Flags\"=dword:00000400` \n \nMore information about how to set the kill bit is available in [Microsoft Support Document 240797](<http://support.microsoft.com/kb/240797>). \n \n--- \n \n### Vendor Information\n\n189929\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. 
Click here to view vendors.**\n\n### Adobe Unknown\n\nNotified: October 27, 2010 Updated: October 27, 2010 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | 9 | AV:N/AC:M/Au:N/C:C/I:C/A:P \nTemporal | 7 | E:POC/RL:OF/RC:C \nEnvironmental | 7 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References\n\n<http://www.adobe.com/support/security/bulletins/apsb11-01.html>\n\n### Acknowledgements\n\nThese vulnerabilities were reported by Will Dormann of the CERT/CC.\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2010-4093](<http://web.nvd.nist.gov/vuln/detail/CVE-2010-4093>), [CVE-2010-4193](<http://web.nvd.nist.gov/vuln/detail/CVE-2010-4193>), [CVE-2010-4194](<http://web.nvd.nist.gov/vuln/detail/CVE-2010-4194>), [CVE-2010-4195](<http://web.nvd.nist.gov/vuln/detail/CVE-2010-4195>), [CVE-2010-4196](<http://web.nvd.nist.gov/vuln/detail/CVE-2010-4196>) \n---|--- \n**Severity Metric:** | 7.65 \n**Date Public:** | 2011-02-08 \n**Date First Published:** | 2011-02-11 \n**Date Last Updated: ** | 2012-03-28 15:21 UTC \n**Document Revision: ** | 11 \n", "cvss3": {}, "published": "2011-02-11T00:00:00", "type": "cert", "title": "Adobe Shockwave 11.5.9.615 contains multiple memory corruption vulnerabilities", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2010-4093", "CVE-2010-4193", "CVE-2010-4194", "CVE-2010-4195", "CVE-2010-4196"], "modified": "2012-03-28T15:21:00", "id": "VU:189929", "href": "https://www.kb.cert.org/vuls/id/189929", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}