Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymousZDI-10-089
HistoryMay 11, 2010 - 12:00 a.m.

Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability

2010-05-1100:00:00
Anonymous
www.zerodayinitiative.com
7

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.162 Low

EPSS

Percentile

95.9%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing Director files. When the application parses the pami RIFF chunk, it trusts an offset value and seeks into the file data. If provided with signed values in the data at the given offset, the process can be made to incorrectly calculate a pointer and operate on the data at it’s location. This can be abused by an attacker to execute arbitrary code under the context of the user running the browser.

Related

checkpoint_advisories 3
securityvulns 3
prion 1
cve 1
openvas 2
nessus 2
checkpoint_advisories
checkpoint_advisories
Adobe Shockwave Player DIR Files PAMI Chunk Code Execution (APSB10-12; CVE-2010-1292)
2010-05-23 00:00:00
Update Protection against Adobe Shockwave Player DIR Files PAMI Chunk Code Execution Vulnerability (APSB10-12)
2010-05-26 00:00:00
Adobe Director Files (CVE-2010-0127; CVE-2010-0128; CVE-2010-0129; CVE-2010-0130; CVE-2010-0986; CVE-2010-0987; CVE-2010-1280; CVE-2010-1281; CVE-2010-1282; CVE-2010-1283; CVE-2010-1284; CVE-2010-1286; CVE-2010-1287; CVE-2010-1288; CVE-2010-1289; CVE-2010-1290; CVE-2010-1291; CVE-2010-1292)
2010-05-17 00:00:00
securityvulns
securityvulns
ZDI-10-089: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability
2010-05-12 00:00:00
Security update available for Shockwave Player
2010-05-12 00:00:00
Adobe Shockwave multiple security vulnerabilities
2010-05-21 00:00:00
prion
prion
Memory corruption
2010-05-13 17:30:00
cve
cve
CVE-2010-1292
2010-05-13 17:30:00
openvas
openvas
Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities May-10
2010-05-19 00:00:00
Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities (May 2010)
2010-05-19 00:00:00
nessus
nessus
Shockwave Player < 11.5.7.609 Multiple Vulnerabilities (APSB10-12)
2010-05-12 00:00:00
Adobe Shockwave Player <= 11.5.6.606 Multiple Vulnerabilities (APSB10-12) (Mac OS X)
2014-12-22 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.162 Low

EPSS

Percentile

95.9%

JSON
Related for ZDI-10-089
checkpoint_advisories3securityvulns3prion1cve1openvas2nessus2