Main Vulnerability Database Vulnerabilities #VU45352

Input validation error in Shockwave Player - CVE-2010-2589

Published: February 10, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU45352

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2010-2589

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Adobe

Affected software:
Shockwave Player

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Integer overflow in the dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors.

How to mitigate CVE-2010-2589

Install update from vendor's website.

Sources

http://www.adobe.com/support/security/bulletins/apsb11-01.html
http://www.securityfocus.com/bid/46329
http://www.securitytracker.com/id?1025056
http://www.vupen.com/english/advisories/2011/0335
https://exchange.xforce.ibmcloud.com/vulnerabilities/65245

Input validation error in Shockwave Player - CVE-2010-2589

Detailed vulnerability description

How to mitigate CVE-2010-2589

Sources

Please verify you're human