CVE-2010-2875 — Out-of-bounds Write in Adobe Shockwave Player

CWE-1893 documents3 sources

Severity

9.3CRITICALNVD

EPSS

9.1%

top 7.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Shockwave Player

Timeline

PublishedAug 26

Latest updateMay 17

Description

Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDadobe/shockwave_player11.5.7.609+39

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-xgvh-p5hg-5f63: Integer signedness error in Adobe Shockwave Player before 11↗2022-05-17

▶

CVEList

CVE-2010-2875: Integer signedness error in Adobe Shockwave Player before 11↗2010-08-26

▶