CVE-2010-2879 — Out-of-bounds Write in Adobe Shockwave Player

CWE-1895 documents5 sources

Severity

9.3CRITICALNVD

EPSS

11.2%

top 6.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Shockwave Player

Timeline

PublishedAug 26

Latest updateMay 14

Description

Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count or (2) element size value in a file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDadobe/shockwave_player11.5.7.609+39

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-m3h2-w8h6-2j5q: Multiple integer overflows in the allocator in the TextXtra↗2022-05-14

▶

CVEList

CVE-2010-2879: Multiple integer overflows in the allocator in the TextXtra↗2010-08-26

▶

💥Exploits & PoCs

Exploit-DB

BigAnt Server 2.2 - Remote Buffer Overflow (Metasploit)↗2010-05-09

▶

💬Community

Bugzilla

CVE-2010-3611 dhcp: NULL pointer dereference crash via crafted DHCPv6 packet↗2010-11-04

▶