CVE-2010-0128

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 13-05-2010 07:30

Last modified: - 20-10-2022 08:52

Total changes: - 5

Description

Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:C/I:C/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

9.3

Base score

8.6

10.0

Exploitability score

Impact score

Verification logic

Reference

http://secunia.com/secunia_research/2010-19/
38751-Broken Link, Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb10-12.html
http://www.coresecurity.com/content/adobe-director-invalid-read
ADV-2010-1128-Broken Link, Vendor Advisory
oval:org.mitre.oval:def:7273-Tool Signature
20100512 Secunia Research: Adobe Shockwave Player Signedness Error Vulnerability-Broken Link, VDB Entry
20100511 [CORE-2010-0405] Adobe Director Invalid Read-Broken Link, VDB Entry

Keywords

CVE-2010-0128

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2010-0128

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures