CVE-2010-1288 - OpenCVE

Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows 7 Windows Windows Vista Windows Server 2003 Windows Server 2008
Adobe	Shockwave Player
Apple	Macos

Configuration 1 [-]

AND

OR	cpe:2.3:a:adobe:shockwave_player::::::::
	cpe:2.3:a:adobe:shockwave_player:1.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:2.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:3.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:4.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:5.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:6.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:8.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:8.5.1:::::::*
	cpe:2.3:a:adobe:shockwave_player:9:::::::*
	cpe:2.3:a:adobe:shockwave_player:10.1.0.11:::::::*
	cpe:2.3:a:adobe:shockwave_player:11.0.0.456:::::::*
	cpe:2.3:a:adobe:shockwave_player:11.5.0.595:::::::*
	cpe:2.3:a:adobe:shockwave_player:11.5.0.596:::::::*
	cpe:2.3:a:adobe:shockwave_player:11.5.1.601:::::::*
	cpe:2.3:a:adobe:shockwave_player:11.5.2.602:::::::*

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:microsoft:windows::::::::

Configuration 2 [-]

AND

cpe:2.3:a:adobe:shockwave_player:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_7:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2003:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:::::::*
	cpe:2.3:o:microsoft:windows_vista:-:::::::*

References

Link	Resource
http://secunia.com/advisories/38751	Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb10-12.html	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2010/1128	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7543	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: adobe

Published: 2010-05-13T21:00:00

Updated: 2017-09-18T12:57:01

Reserved: 2010-04-06T00:00:00

Link: CVE-2010-1288

JSON object: View

NVD Information

Status : Analyzed

Published: 2010-05-13T21:30:01.593

Modified: 2022-02-28T14:41:33.933

Link: CVE-2010-1288

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-05-11T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"name": "38751", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38751"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"}, {"name": "oval:org.mitre.oval:def:7543", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7543"}, {"name": "ADV-2010-1128", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1128"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2010-1288", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "38751", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38751"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"}, {"name": "oval:org.mitre.oval:def:7543", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7543"}, {"name": "ADV-2010-1128", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1128"}]}}}}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2010-1288", "datePublished": "2010-05-13T21:00:00", "dateReserved": "2010-04-06T00:00:00", "dateUpdated": "2017-09-18T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "568143B8-4800-4BCE-86DD-B9E410509C48", "versionEndIncluding": "11.5.6.606", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BA5643BC-12F8-4F05-A363-9FC97EF1DD0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "085FA7DD-8048-4768-816C-82828022FCF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E0DC258D-1C2B-4A7F-AD80-6C88A7A78A5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "966A8542-E5E1-468F-989E-47F71123A426", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4DC1BCC0-B24B-4CFC-B3B9-FA3B0D968CC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFFDAAB3-CC22-4604-80B3-4A54CCEFD29E", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77F1733-6755-44E7-8ECC-CFB397FC79A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC55CB2C-4DBC-4D16-96A7-FB3316A21D51", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*", "matchCriteriaId": "17F5982F-35BD-49A0-9DBE-774816136D57", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D18289BB-6568-4671-BC70-C8744DD2E0C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*", "matchCriteriaId": "BF19CBB1-F047-4472-A19D-48A147396383", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*", "matchCriteriaId": "C61B9485-2A42-4C95-9A10-3F1102E4EBBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*", "matchCriteriaId": "79FEEF7E-B477-485A-B9BC-98F6D1A2B10B", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*", "matchCriteriaId": "E4FE4A01-9357-46D9-9BCB-DF2B4DECD9B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*", "matchCriteriaId": "4B9506D5-D8CA-4845-B2FA-0E47C9BB3C1A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C56F007-5F8E-4BDD-A803-C907BCC0AF55", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:shockwave_player:-:*:*:*:*:*:*:*", "matchCriteriaId": "74A5F44B-F1F2-4D7F-9F6D-53AE0A192F0A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3527F41-A6ED-437D-9833-458A2C60C2A3", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*", "matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CAEEA81-5037-4B68-98D9-83AAEBC98E20", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en Adobe Shockwave Player en versiones anteriores a la 11.5.7.609 podr\u00eda permitir a atacantes ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados."}], "evaluatorSolution": "Per: http://www.adobe.com/support/security/bulletins/apsb10-12.html\r\n\r\n'Adobe recommends users of Adobe Shockwave Player 11.5.6.606 and earlier versions update to Adobe Shockwave Player 11.5.7.609'", "id": "CVE-2010-1288", "lastModified": "2022-02-28T14:41:33.933", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-05-13T21:30:01.593", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38751"}, {"source": "psirt@adobe.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"}, {"source": "psirt@adobe.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1128"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7543"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}