var-201005-0052
Vulnerability from variot
Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error. Adobe Shockwave Player is prone to multiple remote code-execution vulnerabilities while parsing Director (.dir) files.
Attackers can exploit these issues to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts may cause a denial-of-service condition.
Versions prior to Shockwave Player 11.5.7.609 are vulnerable.
Note: These issues were previously covered in BID 40066 (Adobe Shockwave Player APSB10-12 Multiple Remote Vulnerabilities); they have been given their own record to better document them. The vulnerable software fails to sanitize user input when processing .dir files resulting in a crash and overwrite of a few memory registers.
-------------------------------------------------------------------------------- (f94.ae4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=20a0a0a0 ebx=207d004c ecx=00000400 edx=41414140 esi=00000000 edi=a80487d8
eip=68008bd6 esp=0012de4c ebp=00000400 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00050206
*** WARNING: Unable to verify checksum for C:\Program Files\Adobe\Adobe Director 11\DIRAPI.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for DIRAPI.dll -
DIRAPI!Ordinal14+0x3b16:
68008bd6 2b4f04 sub ecx,dword ptr [edi+4] ds:0023:a80487dc=????????
-----------------------
EAX FFFFFFFF
ECX 41414141
EDX FFFFFFFF
EBX 00000018
ESP 0012F3B4
EBP 02793578
ESI 0012F3C4
EDI 02793578
EIP 69009F1F IML32.69009F1F
--------------------------------------------------------------------------------
Tested on: Microsoft Windows XP Professional SP3 (English). ----------------------------------------------------------------------
Looking for a job?
Secunia is hiring skilled researchers and talented developers.
1) A boundary error while processing FFFFFF45h Shockwave 3D blocks can be exploited to corrupt memory.
2) A signedness error in the processing of Director files can be exploited to corrupt memory.
3) An array indexing error when processing Director files can be exploited to corrupt memory.
4) An integer overflow error when processing Director files can be exploited to corrupt memory.
5) An error when processing asset entries contained in Director files can be exploited to corrupt memory.
6) A boundary error when processing embedded fonts can be exploited to cause a heap-based buffer overflow via a specially crafted Director file.
7) An error when processing Director files can be exploited to overwrite 4 bytes of memory.
8) An error in the implementation of ordinal function 1409 in iml32.dll can be exploited to corrupt heap memory via a specially crafted Director file.
9) An error when processing a 4-byte field inside FFFFFF49h Shockwave 3D blocks can be exploited to corrupt heap memory.
10) An unspecified error can be exploited to corrupt memory.
11) A second unspecified error can be exploited to corrupt memory.
12) A third unspecified error can be exploited to corrupt memory.
13) A fourth unspecified error can be exploited to cause a buffer overflow.
14) A fifth unspecified error can be exploited to corrupt memory.
15) A sixth unspecified error can be exploited to corrupt memory.
16) A seventh unspecified error can be exploited to corrupt memory.
17) An error when processing signed values encountered while parsing "pami" RIFF chunks can be exploited to corrupt memory.
SOLUTION: Update to version 11.5.7.609. http://get.adobe.com/shockwave/
PROVIDED AND/OR DISCOVERED BY: 1-6) Alin Rad Pop, Secunia Research
The vendor also credits: 2) Nahuel Riva of Core Security Technologies. 3) Chaouki Bekrar of Vupen, Code Audit Labs, and an anonymous person working with iDefense. 7) Chaouki Bekrar and Sebastien Renaud of Vupen, Code Audit Labs, Gjoko Krstic of Zero Science Lab, and Chro HD of Fortinet's FortiGuard Labs. 8, 17) an anonymous person working with ZDI. 9) Chaouki Bekrar of Vupen and an anonymous person working with ZDI. 10) Chaouki Bekrar of Vupen. 11-16) Chro HD of Fortinet's FortiGuard Labs.
CHANGELOG: 2010-05-12: Updated "Extended Description" and added PoCs for vulnerabilities #2, #3, #4, and #6.
ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb10-12.html
Secunia Research: http://secunia.com/secunia_research/2010-17/ http://secunia.com/secunia_research/2010-19/ http://secunia.com/secunia_research/2010-20/ http://secunia.com/secunia_research/2010-22/ http://secunia.com/secunia_research/2010-34/ http://secunia.com/secunia_research/2010-50/
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-087/ http://www.zerodayinitiative.com/advisories/ZDI-10-088/ http://www.zerodayinitiative.com/advisories/ZDI-10-089/
iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869
Code Audit Labs: http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html
Zero Science Lab: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php
Core Security Technologies: http://www.coresecurity.com/content/adobe-director-invalid-read
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. User interaction is required in that a user must visit a malicious web site. When a malicious value is used extern to signed integer . Exploitation can lead to remote system compromise under the credentials of the currently logged in user. 2010-5-11 Coordinated public release of advisory.
About Code Audit Labs:
Code Audit Labs is department of VulnHunt company which provide a professional security testing products / services / security consulting and training ,we sincerely hope we can help your procudes to improve code quality and safety. WebSite http://www.VulnHunt.com ( online soon)
. Binary Analysis & Proof-of-concept
In-depth binary analysis, code execution exploits and proof-of-concept codes are published through the VUPEN Binary Analysis & Exploits Service :
http://www.vupen.com/exploits/
V. CREDIT
These vulnerabilities were discovered by Chaouki Bekrar of VUPEN Security
VII. ABOUT VUPEN Security
VUPEN is a leading IT security research company providing vulnerability management and security intelligence solutions which enable enterprises and institutions to eliminate vulnerabilities before they can be exploited, ensure security policy compliance and meaningfully measure and manage risks.
Governmental and federal agencies, and global enterprises in the financial services, insurance, manufacturing and technology industries rely on VUPEN to improve their security, prioritize resources, cut time and costs, and stay ahead of the latest threats.
-
VUPEN Vulnerability Notification Service: http://www.vupen.com/english/services/
-
VUPEN Binary Analysis & Exploits Service : http://www.vupen.com/exploits/
-
VUPEN Web Application Security Scanner (WASS): http://www.vupen.com/english/wass/
VIII. REFERENCES
http://www.vupen.com/english/advisories/2010/1128 http://www.adobe.com/support/security/bulletins/apsb10-12.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0129
IX.
====================================================================== 2) Severity
Rating: Highly critical Impact: System access Where: From remote
====================================================================== 3) Vendor's Description of Software
"Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. ".dir") is opened.
====================================================================== 6) Time Table
03/03/2010 - Vendor notified. 03/03/2010 - Vendor response. 12/05/2010 - Public disclosure.
====================================================================== 9) About Secunia
Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
====================================================================== 10) Verification
Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2010-20/
Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/
======================================================================
Full-Disclosure - We believe in it. iDefense Security Advisory 05.11.10 http://labs.idefense.com/intelligence/vulnerabilities/ May 11, 2010
I. BACKGROUND
Adobe Shockwave Player is a popular Web browser plugin. It is available
for multiple Web browsers and platforms, including Windows, and MacOS.
Shockwave Player enables Web browsers to display rich multimedia
content in the form of Shockwave videos. For more information, see the
vendor's site found at the following link:
http://get.adobe.com/shockwave
II.
The
vulnerability takes place during the processing of a certain malformed
file. A function calculates an offset to be used within a memory mapped
file and returns the offset value. The return value is not checked. This
can lead to a condition where an attacker is able to overwrite memory
outside the bounds of the allocated memory map.
III. To exploit
this vulnerability, a targeted user must load a malicious file created
by an attacker. An attacker typically accomplishes this via social
engineering or injecting content into a compromised, trusted site.
Adobe Shockwave Player implements a custom memory management system
for object allocation. Due to the design of the memory allocator, an
attacker is able to predict the distance of objects within a memory
map. This condition can help facilitate reliable exploitation of this
vulnerability.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in the latest version of Shockwave Player at the time of testing, version 11.5.6r606.
V. WORKAROUND
The killbit for the Shockwave Player ActiveX control can be set by
creating the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility{233C1507-6A77-46A4-9443-F871F945D258} Under this key
create a new DWORD value called "Compatibility Flags" and set its
hexadecimal value to 400.
To re-enable Shockwave Player set
the "Compatibility Flags" value to 0.
VI. VENDOR RESPONSE
Adobe has released a fix which addresses this issue. Information about downloadable vendor updates can be found by clicking on the URLs shown.
http://get.adobe.com/shockwave/
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2010-0129 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
03/03/2010 Initial Vendor Notification 03/03/2009 Initial Vendor Reply 05/11/2010 Coordinated Public Disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2010 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201005-0052",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "shockwave player",
"scope": "lt",
"trust": 1.0,
"vendor": "adobe",
"version": "11.5.7.609"
},
{
"model": "shockwave player",
"scope": "lte",
"trust": 0.8,
"vendor": "adobe",
"version": "11.5.6.606"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "9"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "6.0"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "5.0"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "10.1.0.11"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "3.0"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "8.0"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "8.5.1"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "1.0"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "2.0"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "4.0"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.5.6.606"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.5.2.606"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.5.2.602"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.5.1.601"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.5.601"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.5.600"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "11.5.596"
},
{
"model": "shockwave player",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "11.5.7.609"
},
{
"model": "shockwave player",
"scope": "eq",
"trust": 0.1,
"vendor": "adobe incorporated",
"version": "11.5.6.606"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2010-4937"
},
{
"db": "BID",
"id": "40082"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001475"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-191"
},
{
"db": "NVD",
"id": "CVE-2010-0129"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:adobe:shockwave_player",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001475"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "VulnHunt http://www.vulnhunt.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201005-191"
}
],
"trust": 0.6
},
"cve": "CVE-2010-0129",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2010-0129",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-42734",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2010-0129",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-0129",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-0129",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201005-191",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2010-4937",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "VULHUB",
"id": "VHN-42734",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2010-4937"
},
{
"db": "VULHUB",
"id": "VHN-42734"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001475"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-191"
},
{
"db": "NVD",
"id": "CVE-2010-0129"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error. Adobe Shockwave Player is prone to multiple remote code-execution vulnerabilities while parsing Director (.dir) files. \nAttackers can exploit these issues to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts may cause a denial-of-service condition. \nVersions prior to Shockwave Player 11.5.7.609 are vulnerable. \nNote: These issues were previously covered in BID 40066 (Adobe Shockwave Player APSB10-12 Multiple Remote Vulnerabilities); they have been given their own record to better document them. The vulnerable software fails to sanitize user input when processing .dir files resulting in a crash and overwrite of a few memory registers.\u003cbr/\u003e\u003cbr/\u003e --------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003e\u003ccode\u003e (f94.ae4): Access violation - code c0000005 (first chance)\u003cbr/\u003e First chance exceptions are reported before any exception handling.\u003cbr/\u003e This exception may be expected and handled.\u003cbr/\u003e eax=20a0a0a0 ebx=207d004c ecx=00000400 edx=41414140 esi=00000000 edi=a80487d8\u003cbr/\u003e eip=68008bd6 esp=0012de4c ebp=00000400 iopl=0 nv up ei pl nz na pe nc\u003cbr/\u003e cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00050206\u003cbr/\u003e *** WARNING: Unable to verify checksum for C:\\Program Files\\Adobe\\Adobe Director 11\\DIRAPI.dll\u003cbr/\u003e *** ERROR: Symbol file could not be found. Defaulted to export symbols for DIRAPI.dll - \u003cbr/\u003e DIRAPI!Ordinal14+0x3b16:\u003cbr/\u003e 68008bd6 2b4f04 sub ecx,dword ptr [edi+4] ds:0023:a80487dc=????????\u003cbr/\u003e\u003cbr/\u003e-----------------------\u003cbr/\u003e\u003cbr/\u003eEAX FFFFFFFF\u003cbr/\u003eECX 41414141\u003cbr/\u003eEDX FFFFFFFF\u003cbr/\u003eEBX 00000018\u003cbr/\u003eESP 0012F3B4\u003cbr/\u003eEBP 02793578\u003cbr/\u003eESI 0012F3C4\u003cbr/\u003eEDI 02793578\u003cbr/\u003eEIP 69009F1F IML32.69009F1F\u003cbr/\u003e\u003c/code\u003e\u003cbr/\u003e--------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003eTested on: Microsoft Windows XP Professional SP3 (English). ----------------------------------------------------------------------\n\n\nLooking for a job?\n\n\nSecunia is hiring skilled researchers and talented developers. \n\n1) A boundary error while processing FFFFFF45h Shockwave 3D blocks\ncan be exploited to corrupt memory. \n\n2) A signedness error in the processing of Director files can be\nexploited to corrupt memory. \n\n3) An array indexing error when processing Director files can be\nexploited to corrupt memory. \n\n4) An integer overflow error when processing Director files can be\nexploited to corrupt memory. \n\n5) An error when processing asset entries contained in Director files\ncan be exploited to corrupt memory. \n\n6) A boundary error when processing embedded fonts can be exploited\nto cause a heap-based buffer overflow via a specially crafted\nDirector file. \n\n7) An error when processing Director files can be exploited to\noverwrite 4 bytes of memory. \n\n8) An error in the implementation of ordinal function 1409 in\niml32.dll can be exploited to corrupt heap memory via a specially\ncrafted Director file. \n\n9) An error when processing a 4-byte field inside FFFFFF49h Shockwave\n3D blocks can be exploited to corrupt heap memory. \n\n10) An unspecified error can be exploited to corrupt memory. \n\n11) A second unspecified error can be exploited to corrupt memory. \n\n12) A third unspecified error can be exploited to corrupt memory. \n\n13) A fourth unspecified error can be exploited to cause a buffer\noverflow. \n\n14) A fifth unspecified error can be exploited to corrupt memory. \n\n15) A sixth unspecified error can be exploited to corrupt memory. \n\n16) A seventh unspecified error can be exploited to corrupt memory. \n\n17) An error when processing signed values encountered while parsing\n\"pami\" RIFF chunks can be exploited to corrupt memory. \n\nSOLUTION:\nUpdate to version 11.5.7.609. \nhttp://get.adobe.com/shockwave/\n\nPROVIDED AND/OR DISCOVERED BY:\n1-6) Alin Rad Pop, Secunia Research\n\nThe vendor also credits:\n2) Nahuel Riva of Core Security Technologies. \n3) Chaouki Bekrar of Vupen, Code Audit Labs, and an anonymous person\nworking with iDefense. \n7) Chaouki Bekrar and Sebastien Renaud of Vupen, Code Audit Labs,\nGjoko Krstic of Zero Science Lab, and Chro HD of Fortinet\u0027s\nFortiGuard Labs. \n8, 17) an anonymous person working with ZDI. \n9) Chaouki Bekrar of Vupen and an anonymous person working with ZDI. \n10) Chaouki Bekrar of Vupen. \n11-16) Chro HD of Fortinet\u0027s FortiGuard Labs. \n\nCHANGELOG:\n2010-05-12: Updated \"Extended Description\" and added PoCs for\nvulnerabilities #2, #3, #4, and #6. \n\nORIGINAL ADVISORY:\nAdobe:\nhttp://www.adobe.com/support/security/bulletins/apsb10-12.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2010-17/\nhttp://secunia.com/secunia_research/2010-19/\nhttp://secunia.com/secunia_research/2010-20/\nhttp://secunia.com/secunia_research/2010-22/\nhttp://secunia.com/secunia_research/2010-34/\nhttp://secunia.com/secunia_research/2010-50/\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-087/\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-088/\nhttp://www.zerodayinitiative.com/advisories/ZDI-10-089/\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869\n\nCode Audit Labs:\nhttp://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html\nhttp://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html\nhttp://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html\n\nZero Science Lab:\nhttp://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php\n\nCore Security Technologies:\nhttp://www.coresecurity.com/content/adobe-director-invalid-read\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. User interaction is required\nin that a user must visit a malicious web site. When a malicious value is used\nextern to signed integer . Exploitation can lead to remote system\ncompromise under the credentials of the currently logged in user. \n2010-5-11 Coordinated public release of advisory. \n\n\nAbout Code Audit Labs:\n=====================\nCode Audit Labs is department of VulnHunt company which provide a\nprofessional security testing products / services / security consulting\nand training ,we sincerely hope we can help your procudes to improve code\nquality and safety. \nWebSite http://www.VulnHunt.com ( online soon)\n\n. Binary Analysis \u0026 Proof-of-concept\n---------------------------------------\n\nIn-depth binary analysis, code execution exploits and proof-of-concept\ncodes are published through the VUPEN Binary Analysis \u0026 Exploits Service :\n\nhttp://www.vupen.com/exploits/\n\n\nV. CREDIT\n--------------\n\nThese vulnerabilities were discovered by Chaouki Bekrar of VUPEN Security\n\n\nVII. ABOUT VUPEN Security\n---------------------------\n\nVUPEN is a leading IT security research company providing vulnerability\nmanagement and security intelligence solutions which enable enterprises\nand institutions to eliminate vulnerabilities before they can be exploited,\nensure security policy compliance and meaningfully measure and manage risks. \n\nGovernmental and federal agencies, and global enterprises in the financial\nservices, insurance, manufacturing and technology industries rely on VUPEN\nto improve their security, prioritize resources, cut time and costs, and\nstay ahead of the latest threats. \n\n* VUPEN Vulnerability Notification Service:\nhttp://www.vupen.com/english/services/\n\n* VUPEN Binary Analysis \u0026 Exploits Service :\nhttp://www.vupen.com/exploits/\n\n* VUPEN Web Application Security Scanner (WASS):\nhttp://www.vupen.com/english/wass/\n\n\nVIII. REFERENCES\n----------------------\n\nhttp://www.vupen.com/english/advisories/2010/1128\nhttp://www.adobe.com/support/security/bulletins/apsb10-12.html\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0129\n\n\nIX. \n\n====================================================================== \n2) Severity \n\nRating: Highly critical\nImpact: System access\nWhere: From remote\n\n====================================================================== \n3) Vendor\u0027s Description of Software \n\n\"Over 450 million Internet-enabled desktops have installed Adobe \nShockwave Player. \".dir\") is opened. \n\n====================================================================== \n6) Time Table \n\n03/03/2010 - Vendor notified. \n03/03/2010 - Vendor response. \n12/05/2010 - Public disclosure. \n\n====================================================================== \n9) About Secunia\n\nSecunia offers vulnerability management solutions to corporate\ncustomers with verified and reliable vulnerability intelligence\nrelevant to their specific system configuration:\n\nhttp://secunia.com/advisories/business_solutions/\n\nSecunia also provides a publicly accessible and comprehensive advisory\ndatabase as a service to the security community and private \nindividuals, who are interested in or concerned about IT-security. \n\nhttp://secunia.com/advisories/\n\nSecunia believes that it is important to support the community and to\ndo active vulnerability research in order to aid improving the \nsecurity and reliability of software in general:\n\nhttp://secunia.com/secunia_research/\n\nSecunia regularly hires new skilled team members. Check the URL below\nto see currently vacant positions:\n\nhttp://secunia.com/corporate/jobs/\n\nSecunia offers a FREE mailing list called Secunia Security Advisories:\n\nhttp://secunia.com/advisories/mailing_lists/\n\n====================================================================== \n10) Verification \n\nPlease verify this advisory by visiting the Secunia website:\nhttp://secunia.com/secunia_research/2010-20/\n\nComplete list of vulnerability reports published by Secunia Research:\nhttp://secunia.com/secunia_research/\n\n======================================================================\n\n_______________________________________________\nFull-Disclosure - We believe in it. iDefense Security Advisory 05.11.10\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nMay 11, 2010\n\nI. BACKGROUND\n\nAdobe Shockwave Player is a popular Web browser plugin. It is available\nfor multiple Web browsers and platforms, including Windows, and MacOS. \nShockwave Player enables Web browsers to display rich multimedia\ncontent in the form of Shockwave videos. For more information, see the\nvendor\u0027s site found at the following link:\u003cBR\u003e \u003cBR\u003e\nhttp://get.adobe.com/shockwave\n\nII. \u003cBR\u003e \u003cBR\u003e The\nvulnerability takes place during the processing of a certain malformed\nfile. A function calculates an offset to be used within a memory mapped\nfile and returns the offset value. The return value is not checked. This\ncan lead to a condition where an attacker is able to overwrite memory\noutside the bounds of the allocated memory map. \n\nIII. To exploit\nthis vulnerability, a targeted user must load a malicious file created\nby an attacker. An attacker typically accomplishes this via social\nengineering or injecting content into a compromised, trusted site. \u003cBR\u003e\n\u003cBR\u003e Adobe Shockwave Player implements a custom memory management system\nfor object allocation. Due to the design of the memory allocator, an\nattacker is able to predict the distance of objects within a memory\nmap. This condition can help facilitate reliable exploitation of this\nvulnerability. \n\nIV. DETECTION\n\niDefense has confirmed the existence of this vulnerability in the latest\nversion of Shockwave Player at the time of testing, version 11.5.6r606. \n\nV. WORKAROUND\n\nThe killbit for the Shockwave Player ActiveX control can be set by\ncreating the following registry key:\u003cBR\u003e \u003cBR\u003e\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX\nCompatibility\\{233C1507-6A77-46A4-9443-F871F945D258} Under this key\ncreate a new DWORD value called \"Compatibility Flags\" and set its\nhexadecimal value to 400. \u003cBR\u003e \u003cBR\u003e To re-enable Shockwave Player set\nthe \"Compatibility Flags\" value to 0. \n\nVI. VENDOR RESPONSE\n\nAdobe has released a fix which addresses this issue. Information about\ndownloadable vendor updates can be found by clicking on the URLs shown. \n\nhttp://get.adobe.com/shockwave/\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2010-0129 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n03/03/2010 Initial Vendor Notification\n03/03/2009 Initial Vendor Reply\n05/11/2010 Coordinated Public Disclosure\n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2010 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-0129"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001475"
},
{
"db": "BID",
"id": "40082"
},
{
"db": "ZSL",
"id": "ZSL-2010-4937"
},
{
"db": "VULHUB",
"id": "VHN-42734"
},
{
"db": "PACKETSTORM",
"id": "89462"
},
{
"db": "PACKETSTORM",
"id": "89431"
},
{
"db": "PACKETSTORM",
"id": "89490"
},
{
"db": "PACKETSTORM",
"id": "89441"
},
{
"db": "PACKETSTORM",
"id": "89436"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/shockwave_mem.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-42734",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2010-4937"
},
{
"db": "VULHUB",
"id": "VHN-42734"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-0129",
"trust": 3.2
},
{
"db": "SECUNIA",
"id": "38751",
"trust": 2.9
},
{
"db": "BID",
"id": "40082",
"trust": 2.8
},
{
"db": "VUPEN",
"id": "ADV-2010-1128",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001475",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201005-191",
"trust": 0.7
},
{
"db": "ZSL",
"id": "ZSL-2010-4937",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "89436",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "89441",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "89490",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "89431",
"trust": 0.2
},
{
"db": "XF",
"id": "58447",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "12578",
"trust": 0.1
},
{
"db": "BID",
"id": "40081",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "64646",
"trust": 0.1
},
{
"db": "AUSCERT",
"id": "ESB-2010.0436",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1023980",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-42734",
"trust": 0.1
},
{
"db": "ZDI",
"id": "ZDI-10-087",
"trust": 0.1
},
{
"db": "ZDI",
"id": "ZDI-10-089",
"trust": 0.1
},
{
"db": "ZDI",
"id": "ZDI-10-088",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89462",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2010-4937"
},
{
"db": "VULHUB",
"id": "VHN-42734"
},
{
"db": "BID",
"id": "40082"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001475"
},
{
"db": "PACKETSTORM",
"id": "89462"
},
{
"db": "PACKETSTORM",
"id": "89431"
},
{
"db": "PACKETSTORM",
"id": "89490"
},
{
"db": "PACKETSTORM",
"id": "89441"
},
{
"db": "PACKETSTORM",
"id": "89436"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-191"
},
{
"db": "NVD",
"id": "CVE-2010-0129"
}
]
},
"id": "VAR-201005-0052",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-42734"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:47:30.780000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB10-12",
"trust": 0.8,
"url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
},
{
"title": "APSB10-12",
"trust": 0.8,
"url": "http://www.adobe.com/jp/support/security/bulletins/apsb10-12.html"
},
{
"title": "Shockwave 11.5.7.609 for Mac Slim",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=3595"
},
{
"title": "Adobe Shockwave Player version 11.5.7.609",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=3594"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001475"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-191"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.0
},
{
"problemtype": "CWE-189",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-42734"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001475"
},
{
"db": "NVD",
"id": "CVE-2010-0129"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.vupen.com/english/advisories/2010/1128"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/40082"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/38751"
},
{
"trust": 2.4,
"url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
},
{
"trust": 2.2,
"url": "http://secunia.com/secunia_research/2010-20/"
},
{
"trust": 2.1,
"url": "http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html"
},
{
"trust": 1.8,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html"
},
{
"trust": 1.8,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/511262/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/511256/100/0/threaded"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7134"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0129"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0129"
},
{
"trust": 0.4,
"url": "http://www.adobe.com/products/shockwaveplayer/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0129"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/38751/"
},
{
"trust": 0.2,
"url": "http://get.adobe.com/shockwave/"
},
{
"trust": 0.2,
"url": "http://www.vulnhunt.com"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.org/filedesc/zsl-2010-4937.txt.html"
},
{
"trust": 0.1,
"url": "http://www.qualys.com/research/alerts/view.php/2010-05-11-2"
},
{
"trust": 0.1,
"url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1280"
},
{
"trust": 0.1,
"url": "http://www.exploit-db.com/exploits/12578"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/bid/40081"
},
{
"trust": 0.1,
"url": "http://www.0daynet.com/2010/0512/335.html"
},
{
"trust": 0.1,
"url": "http://securityreason.com/exploitalert/8249"
},
{
"trust": 0.1,
"url": "http://forums.cnet.com/5208-6132_102-0.html?messageid=3303052"
},
{
"trust": 0.1,
"url": "http://news.dreamings.org/?p=1050"
},
{
"trust": 0.1,
"url": "http://securitytracker.com/alerts/2010/may/1023980.html"
},
{
"trust": 0.1,
"url": "http://www.auscert.org.au/render.html?it=12789"
},
{
"trust": 0.1,
"url": "http://securityvulns.ru/xdocument830.html"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/xforce/xfdb/58447"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/64646"
},
{
"trust": 0.1,
"url": "http://www.nessus.org/plugins/index.php?view=single\u0026amp;id=46329"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_research/2010-19/"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-089/"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_research/2010-17/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-087/"
},
{
"trust": 0.1,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_research/2010-34/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-088/"
},
{
"trust": 0.1,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_research/2010-22/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_research/2010-50/"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/content/adobe-director-invalid-read"
},
{
"trust": 0.1,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2010-4937.php"
},
{
"trust": 0.1,
"url": "http://www.vupen.com/english/wass/"
},
{
"trust": 0.1,
"url": "http://www.vupen.com/english/research.php"
},
{
"trust": 0.1,
"url": "http://www.vupen.com/english/services/"
},
{
"trust": 0.1,
"url": "http://www.vupen.com/exploits/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_research/"
},
{
"trust": 0.1,
"url": "http://secunia.com/corporate/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/mailing_lists/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/),"
},
{
"trust": 0.1,
"url": "http://get.adobe.com/shockwave"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2010-4937"
},
{
"db": "VULHUB",
"id": "VHN-42734"
},
{
"db": "BID",
"id": "40082"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001475"
},
{
"db": "PACKETSTORM",
"id": "89462"
},
{
"db": "PACKETSTORM",
"id": "89431"
},
{
"db": "PACKETSTORM",
"id": "89490"
},
{
"db": "PACKETSTORM",
"id": "89441"
},
{
"db": "PACKETSTORM",
"id": "89436"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-191"
},
{
"db": "NVD",
"id": "CVE-2010-0129"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2010-4937"
},
{
"db": "VULHUB",
"id": "VHN-42734"
},
{
"db": "BID",
"id": "40082"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001475"
},
{
"db": "PACKETSTORM",
"id": "89462"
},
{
"db": "PACKETSTORM",
"id": "89431"
},
{
"db": "PACKETSTORM",
"id": "89490"
},
{
"db": "PACKETSTORM",
"id": "89441"
},
{
"db": "PACKETSTORM",
"id": "89436"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-191"
},
{
"db": "NVD",
"id": "CVE-2010-0129"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-05-11T00:00:00",
"db": "ZSL",
"id": "ZSL-2010-4937"
},
{
"date": "2010-05-13T00:00:00",
"db": "VULHUB",
"id": "VHN-42734"
},
{
"date": "2010-05-11T00:00:00",
"db": "BID",
"id": "40082"
},
{
"date": "2010-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001475"
},
{
"date": "2010-05-13T07:29:48",
"db": "PACKETSTORM",
"id": "89462"
},
{
"date": "2010-05-12T02:59:43",
"db": "PACKETSTORM",
"id": "89431"
},
{
"date": "2010-05-14T14:47:20",
"db": "PACKETSTORM",
"id": "89490"
},
{
"date": "2010-05-12T15:27:06",
"db": "PACKETSTORM",
"id": "89441"
},
{
"date": "2010-05-12T15:17:03",
"db": "PACKETSTORM",
"id": "89436"
},
{
"date": "2010-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201005-191"
},
{
"date": "2010-05-13T17:30:01.827000",
"db": "NVD",
"id": "CVE-2010-0129"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-06T00:00:00",
"db": "ZSL",
"id": "ZSL-2010-4937"
},
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-42734"
},
{
"date": "2010-05-12T11:12:00",
"db": "BID",
"id": "40082"
},
{
"date": "2010-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001475"
},
{
"date": "2022-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201005-191"
},
{
"date": "2024-11-21T01:11:35.620000",
"db": "NVD",
"id": "CVE-2010-0129"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "89431"
},
{
"db": "PACKETSTORM",
"id": "89436"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-191"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Shockwave Player Integer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001475"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201005-191"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.