CVE-2010-0128Out-of-bounds Write in Adobe Director

CWE-787Out-of-bounds Write3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
8.2%
top 7.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe DirectorAdobe Shockwave Player
Timeline
PublishedMay 13
Latest updateApr 30

Description

Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDadobe/shockwave_player11.5.6.606
NVDadobe/director< 11.5.7.609

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-3vxm-4f9v-fq2c: Integer signedness error in dirapi2022-04-30
CVEList
CVE-2010-0128: Integer signedness error in dirapi2010-05-13
CVE-2010-0128 — Out-of-bounds Write in Adobe Director | cvebase