CVE-2010-1283 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2010-1283?

CVE-2010-1283 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-1283?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Shockwave Player, Apple Macos, Microsoft Windows.

Vulnerability Description

Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Adobe	Shockwave Player	< 11.5.7.609
Apple	Macos	All versions
Microsoft	Windows	All versions

Related Weaknesses (CWE)

CWE-787

References

http://secunia.com/advisories/38751Third Party Advisory
http://www.adobe.com/support/security/bulletins/apsb10-12.htmlPatchVendor Advisory
http://www.securityfocus.com/archive/1/511253/100/0/threadedThird Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2010/1128Permissions RequiredThird Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-088/Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party AdvisoryTool Signature
http://secunia.com/advisories/38751Third Party Advisory
http://www.adobe.com/support/security/bulletins/apsb10-12.htmlPatchVendor Advisory
http://www.securityfocus.com/archive/1/511253/100/0/threadedThird Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2010/1128Permissions RequiredThird Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-088/Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party AdvisoryTool Signature

FAQ

What is CVE-2010-1283?

CVE-2010-1283 is a vulnerability with a CVSS score of 8.8 (HIGH). Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap mem...

How severe is CVE-2010-1283?

CVE-2010-1283 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-1283?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Shockwave Player, Apple Macos, Microsoft Windows.