CVE-2010-2874Out-of-bounds Write in Adobe Shockwave Player

CWE-3993 documents3 sources
Severity
9.3CRITICALNVD
EPSS
7.9%
top 7.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Shockwave Player
Timeline
PublishedSep 7
Latest updateMay 17

Description

Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting information and use of the same CVE identifier by the vendor, ZDI, and TippingPoint, it is not clear whether this issue is related to use of an uninitialized pointer, an incorrect pointer offset calculation, or both.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDadobe/shockwave_player11.5.7.609+39

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-v36f-7mqc-rg36: Unspecified vulnerability in Adobe Shockwave Player before 112022-05-17
CVEList
CVE-2010-2874: Unspecified vulnerability in Adobe Shockwave Player before 112010-09-07
CVE-2010-2874 — Out-of-bounds Write in Adobe | cvebase