Lucene search
AnonymousZDI-10-228HistoryOct 29, 2010 - 12:00 a.m.
Adobe Shockwave Player Director File SetVertexArray Remote Code Execution Vulnerability
2010-10-2900:00:00
Anonymous
www.zerodayinitiative.com
16
0.076 Low
EPSS
Percentile
94.2%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within code responsible for parsing Director files (.dir). When handling the 3D record type 0xFFFFFF89. The module trusts size fields within a substructure and can be forced to make a faulty memory allocation. This can be abused by a remote attacker to execute arbitrary code under the context of the currently logged-in user.
Related
prion
prion
Memory corruption
2010-10-29 19:00:00
nvd
nvd
CVE-2010-4090
2010-10-29 19:00:02
cvelist
cvelist
CVE-2010-4090
2010-10-29 18:00:00
cve
cve
CVE-2010-4090
2010-10-29 19:00:02
nessus
nessus
Shockwave Player < 11.5.9.615
2010-10-28 00:00:00
Adobe Shockwave Player <= 11.5.8.612 (APSB10-25) (Mac OS X)
2014-12-22 00:00:00
openvas
openvas
Adobe Shockwave Player Multiple Vulnerabilities Nov-10
2010-12-09 00:00:00
Adobe Shockwave Player Multiple Vulnerabilities (Nov 2010)
2010-12-09 00:00:00