Main Vulnerability Database Vulnerabilities #VU45346

Input validation error in Shockwave Player - CVE-2010-4194

Published: February 10, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU45346

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2010-4194

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Adobe

Affected software:
Shockwave Player

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

How to mitigate CVE-2010-4194

Install update from vendor's website.

Sources

http://www.adobe.com/support/security/bulletins/apsb11-01.html
http://www.kb.cert.org/vuls/id/189929
http://www.securityfocus.com/bid/46335
http://www.securitytracker.com/id?1025056
http://www.vupen.com/english/advisories/2011/0335

Input validation error in Shockwave Player - CVE-2010-4194

Detailed vulnerability description

How to mitigate CVE-2010-4194

Sources

Please verify you're human