CVE-2010-0128 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2010-0128?

CVE-2010-0128 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-0128?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Director, Adobe Shockwave Player, Apple Macos, Microsoft Windows.

Vulnerability Description

Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Adobe	Director	< 11.5.7.609
Adobe	Shockwave Player	<= 11.5.6.606
Apple	Macos	All versions
Microsoft	Windows	All versions

Related Weaknesses (CWE)

CWE-787

References

http://secunia.com/advisories/38751Broken LinkVendor Advisory
http://secunia.com/secunia_research/2010-19/Broken LinkVendor Advisory
http://www.adobe.com/support/security/bulletins/apsb10-12.htmlPatchVendor Advisory
http://www.coresecurity.com/content/adobe-director-invalid-readBroken Link
http://www.securityfocus.com/archive/1/511240/100/0/threadedBroken LinkVDB Entry
http://www.securityfocus.com/archive/1/511261/100/0/threadedBroken LinkVDB Entry
http://www.vupen.com/english/advisories/2010/1128Broken LinkVendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Tool Signature
http://secunia.com/advisories/38751Broken LinkVendor Advisory
http://secunia.com/secunia_research/2010-19/Broken LinkVendor Advisory
http://www.adobe.com/support/security/bulletins/apsb10-12.htmlPatchVendor Advisory
http://www.coresecurity.com/content/adobe-director-invalid-readBroken Link
http://www.securityfocus.com/archive/1/511240/100/0/threadedBroken LinkVDB Entry
http://www.securityfocus.com/archive/1/511261/100/0/threadedBroken LinkVDB Entry
http://www.vupen.com/english/advisories/2010/1128Broken LinkVendor Advisory

FAQ

What is CVE-2010-0128?

CVE-2010-0128 is a vulnerability with a CVSS score of 9.3 (HIGH). Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or poss...

How severe is CVE-2010-0128?

CVE-2010-0128 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-0128?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Director, Adobe Shockwave Player, Apple Macos, Microsoft Windows.