CVE-2010-1283

Description

Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Adobe / shockwave_player11.5.7.609

References

VENDOR_ADVISORYhttp://secunia.com/advisories/38751
MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7262
VENDOR_ADVISORYhttp://www.adobe.com/support/security/bulletins/apsb10-12.html
VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/1128
VENDOR_ADVISORYhttp://www.zerodayinitiative.com/advisories/ZDI-10-088/
MISChttp://www.securityfocus.com/archive/1/511253/100/0/threaded