CVE-2010-4193Improper Input Validation in Adobe Shockwave Player

CWE-20Improper Input Validation4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
10.2%
top 6.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Shockwave Player
Timeline
PublishedFeb 10
Latest updateMay 17

Description

Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDadobe/shockwave_player11.5.9.615+41

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-chx5-fg8j-vxpv: Adobe Shockwave Player before 112022-05-17
CVEList
CVE-2010-4193: Adobe Shockwave Player before 112011-02-10

💥Exploits & PoCs

1
Exploit-DB
Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (Metasploit)2010-07-07
CVE-2010-4193 — Improper Input Validation in Adobe | cvebase