[CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability
2010-05-12T00:00:00
ID SECURITYVULNS:DOC:23824 Type securityvulns Reporter Securityvulns Modified 2010-05-12T00:00:00
Description
[CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer
overflow vulnerability
Affected Products
11.5.2.602 ,11.5.6.606 and prior
CVE ID: CVE-2010-0129
CAL ID: CAL-20100204-2
Vulnerability Details
Code Audit Labs http://www.vulnhunt.com has discovered a vulnerability
allows remote attackers to execute code on vulnerable
installations of Adobe's Shockwave Player. User interaction is required
in that a user must visit a malicious web site.
The specific flaw exists when the Shockwave player attempts to load a
specially crafted Adobe Director File. When a malicious value is used
extern to signed integer . Exploitation can lead to remote system
compromise under the credentials of the currently logged in user.
2010-2-6 report to vendor
2010-2-7 vendor ask poc file
2010-2-7 we sent the poc file.
2010-2-8 vendor comfirm the issue.
2010-5-11 Coordinated public release of advisory.
About Code Audit Labs:
Code Audit Labs is department of VulnHunt company which provide a
professional security testing products / services / security consulting
and training ,we sincerely hope we can help your procudes to improve code
quality and safety.
WebSite http://www.VulnHunt.com ( online soon)
{"id": "SECURITYVULNS:DOC:23824", "bulletinFamily": "software", "title": "[CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability", "description": "[CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer\r\noverflow vulnerability\r\n\r\n\r\nAffected Products\r\n=================\r\n11.5.2.602 ,11.5.6.606 and prior\r\n\r\nCVE ID: CVE-2010-0129\r\nCAL ID: CAL-20100204-2\r\n\r\n\r\nVulnerability Details\r\n=====================\r\n\r\nCode Audit Labs http://www.vulnhunt.com has discovered a vulnerability\r\nallows remote attackers to execute code on vulnerable\r\ninstallations of Adobe's Shockwave Player. User interaction is required\r\nin that a user must visit a malicious web site.\r\n\r\nThe specific flaw exists when the Shockwave player attempts to load a\r\nspecially crafted Adobe Director File. When a malicious value is used\r\nextern to signed integer . Exploitation can lead to remote system\r\ncompromise under the credentials of the currently logged in user.\r\n\r\nref\r\nhttp://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html\r\nhttp://www.adobe.com/support/security/bulletins/apsb10-12.html\r\n\r\nDisclosure Timeline\r\n===================\r\n2010-2-6 report to vendor\r\n2010-2-7 vendor ask poc file\r\n2010-2-7 we sent the poc file.\r\n2010-2-8 vendor comfirm the issue.\r\n2010-5-11 Coordinated public release of advisory.\r\n\r\n\r\nAbout Code Audit Labs:\r\n=====================\r\nCode Audit Labs is department of VulnHunt company which provide a\r\nprofessional security testing products / services / security consulting\r\nand training ,we sincerely hope we can help your procudes to improve code\r\nquality and safety.\r\nWebSite http://www.VulnHunt.com ( online soon)", "published": "2010-05-12T00:00:00", "modified": "2010-05-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23824", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2010-0129"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:34", "edition": 1, "viewCount": 5, "enchantments": {"score": {"value": 7.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["SBP-2010-19"]}, {"type": "cve", "idList": ["CVE-2010-0129"]}, {"type": "nessus", "idList": ["MACOSX_SHOCKWAVE_PLAYER_APSB10-12.NASL", "SHOCKWAVE_PLAYER_APSB10-12.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801335", "OPENVAS:801335"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23830", "SECURITYVULNS:DOC:23832", "SECURITYVULNS:DOC:23837", "SECURITYVULNS:DOC:23844", "SECURITYVULNS:VULN:10828"]}, {"type": "seebug", "idList": ["SSV:19588"]}]}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2010-0129"]}, {"type": "nessus", "idList": ["MACOSX_SHOCKWAVE_PLAYER_APSB10-12.NASL", "SHOCKWAVE_PLAYER_APSB10-12.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801335"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10828"]}, {"type": "seebug", "idList": ["SSV:19588"]}]}, "exploitation": null, "vulnersScore": 7.4}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}
{"securityvulns": [{"lastseen": "2018-08-31T11:10:34", "description": "iDefense Security Advisory 05.11.10\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nMay 11, 2010\r\n\r\nI. BACKGROUND\r\n\r\nAdobe Shockwave Player is a popular Web browser plugin. It is available\r\nfor multiple Web browsers and platforms, including Windows, and MacOS.\r\nShockwave Player enables Web browsers to display rich multimedia\r\ncontent in the form of Shockwave videos. For more information, see the\r\nvendor's site found at the following link:<BR> <BR>\r\nhttp://get.adobe.com/shockwave\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a heap memory indexing vulnerability in Adobe\r\nSystems Inc.'s Shockwave Player could allow an attacker to execute\r\narbitrary code with the privileges of the current user. <BR> <BR> The\r\nvulnerability takes place during the processing of a certain malformed\r\nfile. A function calculates an offset to be used within a memory mapped\r\nfile and returns the offset value. The return value is not checked. This\r\ncan lead to a condition where an attacker is able to overwrite memory\r\noutside the bounds of the allocated memory map.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability results in the execution of arbitrary\r\ncode with the privileges of the user viewing the Web page. To exploit\r\nthis vulnerability, a targeted user must load a malicious file created\r\nby an attacker. An attacker typically accomplishes this via social\r\nengineering or injecting content into a compromised, trusted site. <BR>\r\n<BR> Adobe Shockwave Player implements a custom memory management system\r\nfor object allocation. Due to the design of the memory allocator, an\r\nattacker is able to predict the distance of objects within a memory\r\nmap. This condition can help facilitate reliable exploitation of this\r\nvulnerability.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in the latest\r\nversion of Shockwave Player at the time of testing, version 11.5.6r606.\r\nShockwave Player 11.5.6.606 and earlier versions for Windows and\r\nMacintosh are vulnerable.\r\n\r\nV. WORKAROUND\r\n\r\nThe killbit for the Shockwave Player ActiveX control can be set by\r\ncreating the following registry key:<BR> <BR>\r\nHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX\r\nCompatibility\{233C1507-6A77-46A4-9443-F871F945D258} Under this key\r\ncreate a new DWORD value called "Compatibility Flags" and set its\r\nhexadecimal value to 400. <BR> <BR> To re-enable Shockwave Player set\r\nthe "Compatibility Flags" value to 0.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nAdobe has released a fix which addresses this issue. Information about\r\ndownloadable vendor updates can be found by clicking on the URLs shown.\r\n\r\nhttp://get.adobe.com/shockwave/\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2010-0129 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n03/03/2010 Initial Vendor Notification\r\n03/03/2009 Initial Vendor Reply\r\n05/11/2010 Coordinated Public Disclosure\r\n\r\nIX. CREDIT\r\n\r\nThe discoverer of this vulnerability wishes to remain anonymous.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2010 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.", "edition": 1, "cvss3": {}, "published": "2010-05-12T00:00:00", "title": "iDefense Security Advisory 05.11.10: Abobe Shockwave Player Heap Memory Indexing Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-0129"], "modified": "2010-05-12T00:00:00", "id": "SECURITYVULNS:DOC:23832", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23832", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:34", "description": "====================================================================== \r\n\r\n Secunia Research 12/05/2010\r\n\r\n - Adobe Shockwave Player Array Indexing Vulnerability -\r\n\r\n====================================================================== \r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nVendor's Description of Software.....................................3\r\nDescription of Vulnerability.........................................4\r\nSolution.............................................................5\r\nTime Table...........................................................6\r\nCredits..............................................................7\r\nReferences...........................................................8\r\nAbout Secunia........................................................9\r\nVerification........................................................10\r\n\r\n====================================================================== \r\n1) Affected Software \r\n\r\n* Adobe Shockwave Player 11.5.6.606\r\n\r\nNOTE: Prior versions may also be affected.\r\n\r\n====================================================================== \r\n2) Severity \r\n\r\nRating: Highly critical\r\nImpact: System access\r\nWhere: From remote\r\n\r\n====================================================================== \r\n3) Vendor's Description of Software \r\n\r\n"Over 450 million Internet-enabled desktops have installed Adobe \r\nShockwave Player. These people now have access to some of the best the\r\nWeb has to offer - including dazzling 3D games and entertainment, \r\ninteractive product demonstrations, and online learning applications."\r\n\r\nProduct Link:\r\nhttp://www.adobe.com/products/shockwaveplayer/\r\n\r\n====================================================================== \r\n4) Description of Vulnerability\r\n\r\nSecunia Research has discovered a vulnerability in Adobe Shockwave \r\nPlayer, which can be exploited by malicious people to potentially \r\ncompromise a user's system.\r\n\r\nThe vulnerability is caused by an array indexing error when processing\r\nShockwave files. This can be exploited to corrupt memory when a \r\nspecially crafted Shockwave file (e.g. ".dir") is opened.\r\n\r\nSuccessful exploitation may allow execution of arbitrary code.\r\n\r\n====================================================================== \r\n5) Solution \r\n\r\nUpdate to version 11.5.7.609.\r\n\r\n====================================================================== \r\n6) Time Table \r\n\r\n03/03/2010 - Vendor notified.\r\n03/03/2010 - Vendor response.\r\n12/05/2010 - Public disclosure.\r\n\r\n====================================================================== \r\n7) Credits \r\n\r\nDiscovered by Alin Rad Pop, Secunia Research.\r\n\r\n====================================================================== \r\n8) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\r\nCVE-2010-0129 for the vulnerability.\r\n\r\n====================================================================== \r\n9) About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n====================================================================== \r\n10) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2010-20/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================", "edition": 1, "cvss3": {}, "published": "2010-05-13T00:00:00", "title": "Secunia Research: Adobe Shockwave Player Array Indexing Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-0129"], "modified": "2010-05-13T00:00:00", "id": "SECURITYVULNS:DOC:23837", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23837", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "cvelist": ["CVE-2010-0129"], "description": "VUPEN Security Research - Adobe Shockwave IML32 Multiple Code Execution \r\nVulnerabilities (CVE-2010-0129)\r\n\r\nhttp://www.vupen.com/english/research.php\r\n\r\n\r\nI. BACKGROUND\r\n---------------------\r\n\r\n"Over 450 million Internet-enabled desktops have installed Adobe Shockwave\r\nPlayer. These people now have access to some of the best the Web has to \r\noffer\r\nincluding dazzling 3D games and entertainment, interactive product\r\ndemonstrations, and online learning applications. Shockwave Player displays\r\nWeb content that has been created by Adobe Director." from Adobe.com\r\n\r\n\r\nII. DESCRIPTION\r\n---------------------\r\n\r\nVUPEN Vulnerability Research Team discovered eleven critical vulnerabilities\r\nin Adobe Shockwave Player.\r\n\r\nThese vulnerabilities are caused due to integer overflows, array indexing,\r\nand memory corruption errors when processing malformed Shockwave or Director\r\nfiles, which could be exploited by attackers to execute arbitrary code by\r\ntricking a user into visiting a specially crafted web page.\r\n\r\n\r\nIII. AFFECTED PRODUCTS\r\n---------------------------\r\n\r\nAdobe Shockwave Player versions prior to 11.5.7.609\r\n\r\n\r\n\r\nIV. Binary Analysis & Proof-of-concept\r\n---------------------------------------\r\n\r\nIn-depth binary analysis, code execution exploits and proof-of-concept\r\ncodes are published through the VUPEN Binary Analysis & Exploits Service :\r\n\r\nhttp://www.vupen.com/exploits/\r\n\r\n\r\nV. SOLUTION\r\n----------------\r\n\r\nAdobe Shockwave Player version 11.5.7.609\r\n\r\n\r\nVI. CREDIT\r\n--------------\r\n\r\nThese vulnerabilities were discovered by Chaouki Bekrar of VUPEN Security\r\n\r\n\r\nVII. ABOUT VUPEN Security\r\n---------------------------\r\n\r\nVUPEN is a leading IT security research company providing vulnerability\r\nmanagement and security intelligence solutions which enable enterprises\r\nand institutions to eliminate vulnerabilities before they can be exploited,\r\nensure security policy compliance and meaningfully measure and manage risks.\r\n\r\nGovernmental and federal agencies, and global enterprises in the financial\r\nservices, insurance, manufacturing and technology industries rely on VUPEN\r\nto improve their security, prioritize resources, cut time and costs, and\r\nstay ahead of the latest threats.\r\n\r\n* VUPEN Vulnerability Notification Service:\r\nhttp://www.vupen.com/english/services/\r\n\r\n* VUPEN Binary Analysis & Exploits Service :\r\nhttp://www.vupen.com/exploits/\r\n\r\n* VUPEN Web Application Security Scanner (WASS):\r\nhttp://www.vupen.com/english/wass/\r\n\r\n\r\nVIII. REFERENCES\r\n----------------------\r\n\r\nhttp://www.vupen.com/english/advisories/2010/1128\r\nhttp://www.adobe.com/support/security/bulletins/apsb10-12.html\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0129\r\n\r\n\r\nIX. DISCLOSURE TIMELINE\r\n-----------------------------\r\n\r\n2010-02-24 - Vendor notified\r\n2010-02-24 - Vendor response\r\n2010-03-02 - Status update received\r\n2010-05-07 - Status update received\r\n2010-05-12 - Coordinated public Disclosure", "edition": 1, "modified": "2010-05-13T00:00:00", "published": "2010-05-13T00:00:00", "id": "SECURITYVULNS:DOC:23844", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23844", "title": "VUPEN Security Research - Adobe Shockwave IML32 Multiple Code Execution Vulnerabilities (CVE-2010-0129)", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:12:17", "bulletinFamily": "software", "cvelist": ["CVE-2010-1283", "CVE-2010-1289", "CVE-2010-0130", "CVE-2010-1292", "CVE-2010-0987", "CVE-2010-1287", "CVE-2010-1288", "CVE-2010-0127", "CVE-2010-1281", "CVE-2010-0128", "CVE-2010-0129", "CVE-2010-1290", "CVE-2010-1286", "CVE-2010-1280", "CVE-2010-1282", "CVE-2010-0986", "CVE-2010-1291", "CVE-2010-1284"], "description": "Multiple buffer overflows, integer overflows, memory corruptions, code executions.", "edition": 2, "modified": "2010-05-21T00:00:00", "published": "2010-05-21T00:00:00", "id": "SECURITYVULNS:VULN:10828", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10828", "title": "Adobe Shockwave multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "cvelist": ["CVE-2010-1283", "CVE-2010-1289", "CVE-2010-0130", "CVE-2010-1292", "CVE-2010-0987", "CVE-2010-1287", "CVE-2010-1288", "CVE-2010-0127", "CVE-2010-1281", "CVE-2010-0128", "CVE-2010-0129", "CVE-2010-1290", "CVE-2010-1286", "CVE-2010-1280", "CVE-2010-1282", "CVE-2010-0986", "CVE-2010-1291", "CVE-2010-1284"], "description": "Security update available for Shockwave Player\r\n\r\nRelease date: May 11, 2010\r\n\r\nVulnerability identifier: APSB10-12\r\n\r\nCVE number: CVE-2010-0127, CVE-2010-0128, CVE-2010-0129, CVE-2010-0130, CVE-2010-0986, CVE-2010-0987, CVE-2010-1280, CVE-2010-1281, CVE-2010-1282, CVE-2010-1283, CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1288, CVE-2010-1289, CVE-2010-1290, CVE-2010-1291, CVE-2010-1292\r\n\r\nPlatform: Windows and Macintosh\r\nSummary\r\n\r\nCritical vulnerabilities have been identified in Adobe Shockwave Player 11.5.6.606 and earlier versions on the Windows and Macintosh operating systems. The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.5.6.606 and earlier versions update to Adobe Shockwave Player 11.5.7.609, using the instructions provided below.\r\nAffected software versions\r\n\r\nShockwave Player 11.5.6.606 and earlier versions for Windows and Macintosh\r\nSolution\r\n\r\nAdobe recommends users of Adobe Shockwave Player 11.5.6.606 and earlier versions upgrade to the newest version 11.5.7.609, available here: http://get.adobe.com/shockwave/.\r\nSeverity rating\r\n\r\nAdobe categorizes this as a critical update and recommends that users apply the update for their product installations.\r\nDetails\r\n\r\nCritical vulnerabilities have been identified in Adobe Shockwave Player 11.5.6.606 and earlier versions on the Windows and Macintosh operating systems. The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.5.6.606 and earlier versions update to Adobe Shockwave Player 11.5.7.609, using the instructions provided above.\r\n\r\nThis update resolves a boundary error vulnerability that if exploited, could lead to memory corruption and possible code execution (CVE-2010-0127).\r\n\r\nThis update resolves a signedness error vulnerability that could lead to code execution (CVE-2010-0128).\r\n\r\nThis update resolves multiple memory corruption vulnerabilities due to integer overflow that could lead to code execution (CVE-2010-0129).\r\n\r\nThis update resolves an integer overflow vulnerability that could lead to code execution (CVE-2010-0130).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0986).\r\n\r\nThis update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0987).\r\n\r\nThis update resolves multiple memory corruption vulnerabilities that could lead to code execution (CVE-2010-1280).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1281).\r\n\r\nThis update resolves an infinite loop vulnerability that could lead to a denial of service (CVE-2010-1282).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1283).\r\n\r\nThis update resolves multiple memory corruption vulnerabilities that could lead to code execution (CVE-2010-1284).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1286).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1287).\r\n\r\nThis update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-1288).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1289).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1290).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1291).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1292).\r\nAcknowledgments\r\n\r\nAdobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:\r\n\r\n * Chaouki Bekrar of VUPEN Vulnerability Research Team (CVE-2010-1280, CVE-2010-1283, CVE-2010-0129, CVE-2010-1284)\r\n * Sebastien Renaud of VUPEN Vulnerability Research Team (CVE-2010-1280)\r\n * Code Audit Labs (CVE-2010-0129, CVE-2010-1280, CVE-2010-1282)\r\n * Nahuel Riva of Core Security Technologies (CVE-2010-0128)\r\n * Gjoko Krstic of Zero Science Lab (CVE-2010-1280)\r\n * Chro HD of Fortinet's FortiGuard Labs (CVE-2010-1280, CVE-2010-1286, CVE-2010-1287, CVE-2010-1288, CVE-2010-1289, CVE-2010-1290, CVE-2010-1291)\r\n * An Anonymous Researcher reported through iDefense's Vulnerability Contributor Program (CVE-2010-0129)\r\n * Alin Rad Pop of Secunia Research (CVE-2010-0127, CVE-2010-0128, CVE-2010-0129, CVE-2010-0130, CVE-2010-0986, CVE-2010-0987)\r\n * An Anonymous Researcher reported through TippingPoint's Zero Day Initiative (CVE-2010-1281, CVE-2010-1283, CVE-2010-1292)\r\n", "edition": 1, "modified": "2010-05-12T00:00:00", "published": "2010-05-12T00:00:00", "id": "SECURITYVULNS:DOC:23830", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23830", "title": "Security update available for Shockwave Player", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:11:51", "description": "CVE ID: CVE-2010-0129\r\n\r\nCode Audit Labs http://www.vulnhunt.com \u5728Adobe\u2019s Shockwave Player\u8f6f\u4ef6\u4e2d\r\n\u53d1\u73b0\u4e00\u4e2a\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53d7\u5bb3\u8005\u7684\u673a\u5668\u4e0a\u4efb\u610f\u6267\u884c\u4ee3\u7801\u3002\r\n\u89e6\u53d1\u8be5\u6f0f\u6d1e\u9700\u8981\u7528\u6237\u8bbf\u95ee\u4e00\u4e2a\u7578\u5f62\u7684web\u9875\u9762\u3002\r\n\r\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e\u5f53shockwave player\u5206\u6790Director\u6587\u4ef6\u65f6\uff0c\u9519\u8bef\u7684\u4f7f\u7528\u4e8616\u4f4d\u7684\u7b26\u53f7\u6574\u578b\u541132\u4f4d\u7684\u7b26\u53f7\u6574\u578b\uff0c\u5bfc\u81f4\u6574\u578b\u8fc7\u5927\uff0c\u968f\u540e\u53c8\u5bfc\u81f4\u4e00\u4e2a\u6574\u578b\u6ea2\u51fa\u3002\u6210\u529f\u5229\u7528\u8be5\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u8fdc\u7a0b\u63a7\u5236\u53d7\u5bb3\u8005\u673a\u5668\u3002\n\n11.5.2.602 ,11.5.6.606 and prior\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nadobe\r\n---------\r\n\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\nhttp://www.adobe.com", "published": "2010-05-12T00:00:00", "type": "seebug", "title": "Adobe Shockwave Player Director\u6587\u4ef6\u5206\u6790\u6574\u578b\u6ea2\u51fa\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0129"], "modified": "2010-05-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19588", "id": "SSV:19588", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2022-03-23T11:30:25", "description": "Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.", "cvss3": {}, "published": "2010-05-13T17:30:00", "type": "cve", "title": "CVE-2010-0129", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0129"], "modified": "2021-09-22T14:22:00", "cpe": ["cpe:/a:adobe:shockwave_player:11.5.1.601", "cpe:/a:adobe:shockwave_player:11.5.2.602", "cpe:/a:adobe:shockwave_player:8.0", "cpe:/a:adobe:shockwave_player:8.5.1", "cpe:/a:adobe:shockwave_player:1.0", "cpe:/a:adobe:shockwave_player:10.1.0.11", "cpe:/a:adobe:shockwave_player:5.0", "cpe:/a:adobe:shockwave_player:6.0", "cpe:/a:adobe:shockwave_player:11.5.0.595", "cpe:/a:adobe:shockwave_player:11.0.0.456", "cpe:/a:adobe:shockwave_player:3.0", "cpe:/a:adobe:shockwave_player:2.0", "cpe:/a:adobe:shockwave_player:4.0", "cpe:/a:adobe:shockwave_player:11.5.0.596", "cpe:/a:adobe:shockwave_player:9", "cpe:/a:adobe:shockwave_player:11.5.6.606"], "id": "CVE-2010-0129", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0129", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2022-04-16T14:12:52", "description": "The remote Mac OS X host contains a version of Adobe Shockwave Player that is 11.5.6.606 or earlier. It is, therefore, affected by multiple vulnerabilities :\n\n - Processing specially crafted FFFFFF45h Shockwave 3D blocks results in memory corruption. (CVE-2010-0127, CVE-2010-1283)\n\n - A signedness error leads to memory corruption when processing specially crafted Director files.\n (CVE-2010-0128)\n\n - An array indexing error leads to memory corruption when processing specially crafted Director files.\n (CVE-2010-0129)\n\n - An integer overflow vulnerability leads to memory corruption when processing specially crafted Director files. (CVE-2010-0130)\n\n - An unspecified error when processing asset entries in Director files leads to memory corruption.\n (CVE-2010-0986)\n\n - A boundary error when processing embedded fonts from a Directory file leads to memory corruption.\n (CVE-2010-0987)\n\n - An unspecified error when processing Director files results in memory corruption. (CVE-2010-1280)\n\n - Several unspecified memory corruption vulnerabilities.\n (CVE-2010-1281, CVE-2010-1282, CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1288, CVE-2010-1289, CVE-2010-1290, CVE-2010-1291, CVE-2010-1292)", "cvss3": {"score": null, "vector": null}, "published": "2014-12-22T00:00:00", "type": "nessus", "title": "Adobe Shockwave Player <= 11.5.6.606 Multiple Vulnerabilities (APSB10-12) (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0127", "CVE-2010-0128", "CVE-2010-0129", "CVE-2010-0130", "CVE-2010-0986", "CVE-2010-0987", "CVE-2010-1280", "CVE-2010-1281", "CVE-2010-1282", "CVE-2010-1283", "CVE-2010-1284", "CVE-2010-1286", "CVE-2010-1287", "CVE-2010-1288", "CVE-2010-1289", "CVE-2010-1290", "CVE-2010-1291", "CVE-2010-1292"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:shockwave_player"], "id": "MACOSX_SHOCKWAVE_PLAYER_APSB10-12.NASL", "href": "https://www.tenable.com/plugins/nessus/80172", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80172);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2010-0127\",\n \"CVE-2010-0128\",\n \"CVE-2010-0129\",\n \"CVE-2010-0130\",\n \"CVE-2010-0986\",\n \"CVE-2010-0987\",\n \"CVE-2010-1280\",\n \"CVE-2010-1281\",\n \"CVE-2010-1282\",\n \"CVE-2010-1283\",\n \"CVE-2010-1284\",\n \"CVE-2010-1286\",\n \"CVE-2010-1287\",\n \"CVE-2010-1288\",\n \"CVE-2010-1289\",\n \"CVE-2010-1290\",\n \"CVE-2010-1291\",\n \"CVE-2010-1292\"\n );\n script_bugtraq_id(\n 40076,\n 40077,\n 40078,\n 40079,\n 40081,\n 40082,\n 40083,\n 40084,\n 40085,\n 40086,\n 40087,\n 40088,\n 40089,\n 40090,\n 40091,\n 40093,\n 40094,\n 40096\n );\n\n script_name(english:\"Adobe Shockwave Player <= 11.5.6.606 Multiple Vulnerabilities (APSB10-12) (Mac OS X)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser plugin that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host contains a version of Adobe Shockwave Player\nthat is 11.5.6.606 or earlier. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Processing specially crafted FFFFFF45h Shockwave\n 3D blocks results in memory corruption. (CVE-2010-0127,\n CVE-2010-1283)\n\n - A signedness error leads to memory corruption when\n processing specially crafted Director files.\n (CVE-2010-0128)\n\n - An array indexing error leads to memory corruption when\n processing specially crafted Director files.\n (CVE-2010-0129)\n\n - An integer overflow vulnerability leads to memory\n corruption when processing specially crafted Director\n files. (CVE-2010-0130)\n\n - An unspecified error when processing asset entries\n in Director files leads to memory corruption.\n (CVE-2010-0986)\n\n - A boundary error when processing embedded fonts from a\n Directory file leads to memory corruption.\n (CVE-2010-0987)\n\n - An unspecified error when processing Director files\n results in memory corruption. (CVE-2010-1280)\n\n - Several unspecified memory corruption vulnerabilities.\n (CVE-2010-1281, CVE-2010-1282, CVE-2010-1284,\n CVE-2010-1286, CVE-2010-1287, CVE-2010-1288,\n CVE-2010-1289, CVE-2010-1290, CVE-2010-1291,\n CVE-2010-1292)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-10-087/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-10-088/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-10-089/\");\n # https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=869\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?19865c37\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2010/May/130\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2010/May/131\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2010/May/132\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.coresecurity.com/content/adobe-director-invalid-read\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-12.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Shockwave 11.5.7.609 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_detect_macosx.nbin\");\n script_require_keys(\"installed_sw/Shockwave Player\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp = 'Shockwave Player';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\nif (ver_compare(ver:ver, fix:'11.5.6.606', strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed versions : 11.5.7.609' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(port:0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:04:22", "description": "The remote Windows host contains a version of Adobe's Shockwave Player that is earlier than 11.5.7.609. Such versions are affected by the following issues :\n\n - Processing specially crafted FFFFFF45h Shockwave 3D blocks can result in memory corruption.\n (CVE-2010-0127, CVE-2010-1283)\n\n - A signedness error that can lead to memory corruption when processing specially crafted Director files.\n (CVE-2010-0128)\n\n - An array indexing error that can lead to memory corruption when processing specially crafted Director files. (CVE-2010-0129)\n\n - An integer overflow vulnerability that can lead to memory corruption when processing specially crafted Director files. (CVE-2010-0130)\n\n - An unspecified error when processing asset entries in Director files can lead to memory corruption.\n (CVE-2010-0986)\n\n - A boundary error when processing embedded fonts from a Directory file can lead to memory corruption.\n (CVE-2010-0987)\n\n - An unspecified error when processing Director files can result in memory corruption. (CVE-2010-1280)\n\n - Several unspecified memory corruption vulnerabilities.\n (CVE-2010-1281, CVE-2010-1282, CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1288, CVE-2010-1289, CVE-2010-1290, CVE-2010-1291, CVE-2010-1292)", "cvss3": {"score": null, "vector": null}, "published": "2010-05-12T00:00:00", "type": "nessus", "title": "Shockwave Player < 11.5.7.609 Multiple Vulnerabilities (APSB10-12)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0127", "CVE-2010-0128", "CVE-2010-0129", "CVE-2010-0130", "CVE-2010-0986", "CVE-2010-0987", "CVE-2010-1280", "CVE-2010-1281", "CVE-2010-1282", "CVE-2010-1283", "CVE-2010-1284", "CVE-2010-1286", "CVE-2010-1287", "CVE-2010-1288", "CVE-2010-1289", "CVE-2010-1290", "CVE-2010-1291", "CVE-2010-1292"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:adobe:shockwave_player"], "id": "SHOCKWAVE_PLAYER_APSB10-12.NASL", "href": "https://www.tenable.com/plugins/nessus/46329", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(46329);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\n \"CVE-2010-0127\",\n \"CVE-2010-0128\",\n \"CVE-2010-0129\",\n \"CVE-2010-0130\",\n \"CVE-2010-0986\",\n \"CVE-2010-0987\",\n \"CVE-2010-1280\",\n \"CVE-2010-1281\",\n \"CVE-2010-1282\",\n \"CVE-2010-1283\",\n \"CVE-2010-1284\",\n \"CVE-2010-1286\",\n \"CVE-2010-1287\",\n \"CVE-2010-1288\",\n \"CVE-2010-1289\",\n \"CVE-2010-1290\",\n \"CVE-2010-1291\",\n \"CVE-2010-1292\"\n );\n script_bugtraq_id(\n 40076,\n 40077,\n 40078,\n 40079,\n 40081,\n 40082,\n 40083,\n 40084,\n 40085,\n 40086,\n 40087,\n 40088,\n 40089,\n 40090,\n 40091,\n 40093,\n 40094,\n 40096\n );\n script_xref(name:\"Secunia\", value:\"38751\");\n\n script_name(english:\"Shockwave Player < 11.5.7.609 Multiple Vulnerabilities (APSB10-12)\");\n script_summary(english:\"Checks version of Shockwave Player\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains a web browser plugin that is\naffected by multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Windows host contains a version of Adobe's Shockwave Player\nthat is earlier than 11.5.7.609. Such versions are affected by the\nfollowing issues :\n\n - Processing specially crafted FFFFFF45h Shockwave\n 3D blocks can result in memory corruption.\n (CVE-2010-0127, CVE-2010-1283)\n\n - A signedness error that can lead to memory corruption\n when processing specially crafted Director files.\n (CVE-2010-0128)\n\n - An array indexing error that can lead to memory\n corruption when processing specially crafted\n Director files. (CVE-2010-0129)\n\n - An integer overflow vulnerability that can lead to\n memory corruption when processing specially\n crafted Director files. (CVE-2010-0130)\n\n - An unspecified error when processing asset entries\n in Director files can lead to memory corruption.\n (CVE-2010-0986)\n\n - A boundary error when processing embedded fonts\n from a Directory file can lead to memory corruption.\n (CVE-2010-0987)\n\n - An unspecified error when processing Director files\n can result in memory corruption. (CVE-2010-1280)\n\n - Several unspecified memory corruption vulnerabilities.\n (CVE-2010-1281, CVE-2010-1282, CVE-2010-1284,\n CVE-2010-1286, CVE-2010-1287, CVE-2010-1288,\n CVE-2010-1289, CVE-2010-1290, CVE-2010-1291,\n CVE-2010-1292)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://secuniaresearch.flexerasoftware.com/secunia_research/2010-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://secuniaresearch.flexerasoftware.com/secunia_research/2010-19/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://secuniaresearch.flexerasoftware.com/secunia_research/2010-20/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://secuniaresearch.flexerasoftware.com/secunia_research/2010-22/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://secuniaresearch.flexerasoftware.com/secunia_research/2010-34/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://secuniaresearch.flexerasoftware.com/secunia_research/2010-50/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-10-087/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-10-088/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-10-089/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?19865c37\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2010/May/136\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2010/May/137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2010/May/138\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.coresecurity.com/content/adobe-director-invalid-read\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-12.html\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Adobe Shockwave 11.5.7.609 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:shockwave_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"shockwave_player_apsb09_08.nasl\");\n script_require_keys(\"SMB/shockwave_player\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_func.inc\");\n\n\nport = kb_smb_transport();\ninstalls = get_kb_list('SMB/shockwave_player/*/path');\nif (isnull(installs))\n exit(0, 'Shockwave Player was not detected on the remote host.');\n\ninfo = NULL;\npattern = 'SMB/shockwave_player/([^/]+)/([^/]+)/path';\n\nforeach install (keys(installs))\n{\n match = eregmatch(string:install, pattern:pattern);\n if (!match) exit(1, 'Unexpected format of KB key \"'+install+'\".');\n\n file = installs[install];\n variant = match[1];\n version = match[2];\n ver = split(version, sep:'.', keep:FALSE);\n for (i = 0; i < max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n if (\n ver[0] < 11 ||\n (\n ver[0] == 11 &&\n (\n ver[1] < 5 ||\n (\n ver[1] == 5 &&\n (\n ver[2] < 7 ||\n (ver[2] == 7 && ver[3] < 609)\n )\n )\n )\n )\n )\n {\n if (variant == \"Plugin\")\n {\n info += '\\n - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n - ActiveX control (for Internet Explorer) :\\n';\n }\n info += ' ' + file + ', ' + version + '\\n';\n }\n}\n\nif (!info) exit(0, \"No vulnerable installs of Shockwave Player were found.\");\n\nif (report_verbosity > 0)\n{\n if (max_index(split(info)) > 2) s = \"s\";\n else s = \"\";\n\n report =\n '\\nNessus has identified the following vulnerable instance'+s+' of Shockwave'+\n '\\nPlayer installed on the remote host :\\n'+\n info;\n security_hole(port:port, extra:report);\n}\nelse security_hole(port:port);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2022-04-02T00:59:29", "description": "Adobe Shockwave is a multimedia player that allows Adobe Director applications to be published on the Internet and viewed in a web browser by anyone who has the Shockwave plug-in installed. Multiple vulnerabilities have been identified in Adobe Shockwave Player. The vulnerabilities are due to memory corruption, integer overflow, buffer overflow, and boundary errors in Adobe Shockwave Player that fails to properly handle Directory files. A remote attacker could trigger these flaws by convincing a victim to open a specially crafted Directory file. Successful exploitation of this issue may corrupt system memory, allowing execution of malicious code on the affected system. There are cases in which certain traffic, although not intended for malicious use, is very unsafe, since it may transfer shellcode which is undetectable by IPS.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2010-05-17T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Director Files (CVE-2010-0127; CVE-2010-0128; CVE-2010-0129; CVE-2010-0130; CVE-2010-0986; CVE-2010-0987; CVE-2010-1280; CVE-2010-1281; CVE-2010-1282; CVE-2010-1283; CVE-2010-1284; CVE-2010-1286; CVE-2010-1287; CVE-2010-1288; CVE-2010-1289; CVE-2010-1290; CVE-2010-1291; CVE-2010-1292)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0127", "CVE-2010-0128", "CVE-2010-0129", "CVE-2010-0130", "CVE-2010-0986", "CVE-2010-0987", "CVE-2010-1280", "CVE-2010-1281", "CVE-2010-1282", "CVE-2010-1283", "CVE-2010-1284", "CVE-2010-1286", "CVE-2010-1287", "CVE-2010-1288", "CVE-2010-1289", "CVE-2010-1290", "CVE-2010-1291", "CVE-2010-1292"], "modified": "2016-01-27T00:00:00", "id": "SBP-2010-19", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-02T21:09:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1283", "CVE-2010-1289", "CVE-2010-0130", "CVE-2010-1292", "CVE-2010-0987", "CVE-2010-1287", "CVE-2010-1288", "CVE-2010-0127", "CVE-2010-1281", "CVE-2010-0128", "CVE-2010-0129", "CVE-2010-1290", "CVE-2010-1286", "CVE-2010-1280", "CVE-2010-1282", "CVE-2010-0986", "CVE-2010-1291", "CVE-2010-1284"], "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple remote code execution vulnerabilities.", "modified": "2017-02-10T00:00:00", "published": "2010-05-19T00:00:00", "id": "OPENVAS:801335", "href": "http://plugins.openvas.org/nasl.php?oid=801335", "type": "openvas", "title": "Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities May-10", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_shockwave_player_mult_code_exe_vuln_may10.nasl 5263 2017-02-10 13:45:51Z teissa $\n#\n# Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities May-10\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attacker to execute arbitrary code in\n the context of the affected application by tricking a user into visiting a\n specially crafted web page.\n Impact Level: Application.\";\ntag_affected = \"Adobe Shockwave Player prior to 11.5.7.609 on Windows.\";\ntag_insight = \"Multiple flaws are caused by memory corruption errors, integer and buffer\n overflows, array indexing, and signedness errors when processing malformed\n 'Shockwave' or 'Director' files, which could be exploited by attackers to\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\";\ntag_solution = \"Upgrade to Adobe Shockwave Player 11.5.7.609\n http://get.adobe.com/shockwave/otherversions/\";\ntag_summary = \"This host is installed with Adobe Shockwave Player and is prone\n to multiple remote code execution vulnerabilities.\";\n\nif(description)\n{\n script_id(801335);\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-19 14:50:39 +0200 (Wed, 19 May 2010)\");\n script_cve_id(\"CVE-2010-0127\", \"CVE-2010-0128\", \"CVE-2010-0129\", \"CVE-2010-0130\",\n \"CVE-2010-1280\", \"CVE-2010-1281\", \"CVE-2010-1282\", \"CVE-2010-1283\",\n \"CVE-2010-1284\", \"CVE-2010-1286\", \"CVE-2010-1287\", \"CVE-2010-1288\",\n \"CVE-2010-1289\", \"CVE-2010-1290\", \"CVE-2010-1291\", \"CVE-2010-1292\",\n \"CVE-2010-0987\", \"CVE-2010-0986\");\n script_bugtraq_id(40083, 40076, 40082, 40084, 40081, 40078, 40077, 40088, 40091,\n 40085, 40089, 40096, 40094, 40087, 40090, 40079, 40093, 40086);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities May-10\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/38751\");\n script_xref(name : \"URL\" , value : \"http://www.zeroscience.mk/codes/shockwave_mem.txt\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2010/1128\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb10-12.html\");\n script_xref(name : \"URL\" , value : \"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php\");\n script_xref(name : \"URL\" , value : \"http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_require_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nshockVer = get_kb_item(\"Adobe/ShockwavePlayer/Ver\");\nif(!shockVer){\n exit(0);\n}\n\n# Check for versions prior to 11.5.7.609\nif(version_is_less(version:shockVer, test_version:\"11.5.7.609\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-27T19:23:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1283", "CVE-2010-1289", "CVE-2010-0130", "CVE-2010-1292", "CVE-2010-0987", "CVE-2010-1287", "CVE-2010-1288", "CVE-2010-0127", "CVE-2010-1281", "CVE-2010-0128", "CVE-2010-0129", "CVE-2010-1290", "CVE-2010-1286", "CVE-2010-1280", "CVE-2010-1282", "CVE-2010-0986", "CVE-2010-1291", "CVE-2010-1284"], "description": "This host is installed with Adobe Shockwave Player and is prone\n to multiple remote code execution vulnerabilities.", "modified": "2020-04-23T00:00:00", "published": "2010-05-19T00:00:00", "id": "OPENVAS:1361412562310801335", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801335", "type": "openvas", "title": "Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities May-10", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities May-10\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801335\");\n script_version(\"2020-04-23T12:22:09+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 12:22:09 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-05-19 14:50:39 +0200 (Wed, 19 May 2010)\");\n script_cve_id(\"CVE-2010-0127\", \"CVE-2010-0128\", \"CVE-2010-0129\", \"CVE-2010-0130\",\n \"CVE-2010-1280\", \"CVE-2010-1281\", \"CVE-2010-1282\", \"CVE-2010-1283\",\n \"CVE-2010-1284\", \"CVE-2010-1286\", \"CVE-2010-1287\", \"CVE-2010-1288\",\n \"CVE-2010-1289\", \"CVE-2010-1290\", \"CVE-2010-1291\", \"CVE-2010-1292\",\n \"CVE-2010-0987\", \"CVE-2010-0986\");\n script_bugtraq_id(40083, 40076, 40082, 40084, 40081, 40078, 40077, 40088, 40091,\n 40085, 40089, 40096, 40094, 40087, 40090, 40079, 40093, 40086);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities May-10\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/38751\");\n script_xref(name:\"URL\", value:\"http://www.zeroscience.mk/codes/shockwave_mem.txt\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2010/1128\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-12.html\");\n script_xref(name:\"URL\", value:\"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php\");\n script_xref(name:\"URL\", value:\"http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_shockwave_player_detect.nasl\");\n script_mandatory_keys(\"Adobe/ShockwavePlayer/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to execute arbitrary code in\n the context of the affected application by tricking a user into visiting a\n specially crafted web page.\");\n script_tag(name:\"affected\", value:\"Adobe Shockwave Player prior to 11.5.7.609 on Windows.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are caused by memory corruption errors, integer and buffer\n overflows, array indexing, and signedness errors when processing malformed\n 'Shockwave' or 'Director' files, which could be exploited by attackers to\n execute arbitrary code by tricking a user into visiting a specially crafted\n web page.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Shockwave Player 11.5.7.609.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Shockwave Player and is prone\n to multiple remote code execution vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nshockVer = get_kb_item(\"Adobe/ShockwavePlayer/Ver\");\nif(!shockVer){\n exit(0);\n}\n\nif(version_is_less(version:shockVer, test_version:\"11.5.7.609\")){\n report = report_fixed_ver(installed_version:shockVer, fixed_version:\"11.5.7.609\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
