Vulnerability Name: | CVE-2010-1282 (CCN-58449) | ||||||||||||
Assigned: | 2010-05-11 | ||||||||||||
Published: | 2010-05-11 | ||||||||||||
Updated: | 2022-04-05 | ||||||||||||
Summary: | Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file. | ||||||||||||
CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
| ||||||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
| ||||||||||||
Vulnerability Type: | CWE-835 | ||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||
References: | Source: FULLDISC Type: Broken Link 20100511 [CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability Source: MITRE Type: CNA CVE-2010-1282 Source: MISC Type: Not Applicable http://hi.baidu.com/fs_fx/blog/item/f8de1d18ba8c9b76dbb4bd56.html Source: CCN Type: SA38751 Adobe Shockwave Player Multiple Vulnerabilities Source: CCN Type: Adobe Product Security Bulletin APSB10-12 Security update available for Shockwave Player Source: CONFIRM Type: Patch, Vendor Advisory http://www.adobe.com/support/security/bulletins/apsb10-12.html Source: CCN Type: OSVDB ID: 64648 Adobe Shockwave Player DIR File Crafted ATOM Size DoS Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20100512 [CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability Source: BID Type: Third Party Advisory, VDB Entry 40088 Source: CCN Type: BID-40088 Adobe Shockwave Player CVE-2010-1282 ATOM Size Denial of Service Vulnerability Source: VUPEN Type: Permissions Required, Third Party Advisory ADV-2010-1128 Source: XF Type: UNKNOWN shockwave-unspecified-dos(58449) Source: OVAL Type: Third Party Advisory, Tool Signature oval:org.mitre.oval:def:7388 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
Oval Definitions | |||||||||||||
| |||||||||||||
BACK |