CVE-2010-4092Adobe Shockwave Player vulnerability

CWE-3993 documents3 sources
Severity
9.3CRITICALNVD
EPSS
3.1%
top 13.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Shockwave Player
Timeline
PublishedNov 5
Latest updateMay 17

Description

Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an unloaded library. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDadobe/shockwave_player11.5.9.615+41

🔴Vulnerability Details

2
GHSA
GHSA-rvf4-rrwx-mqc6: Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 112022-05-17
CVEList
CVE-2010-4092: Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 112010-11-05
CVE-2010-4092 — Adobe Shockwave Player vulnerability | cvebase