Main Vulnerability Database Vulnerabilities #VU45352

#VU45352 Input validation error in Shockwave Player - CVE-2010-2589

Published: February 10, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU45352

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2010-2589

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Shockwave Player

Software vendor:
Adobe

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Integer overflow in the dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors.

Remediation

Install update from vendor's website.

External links

http://www.adobe.com/support/security/bulletins/apsb11-01.html
http://www.securityfocus.com/bid/46329
http://www.securitytracker.com/id?1025056
http://www.vupen.com/english/advisories/2011/0335
https://exchange.xforce.ibmcloud.com/vulnerabilities/65245