Adobe Shockwave Player up to 8.0.195 dirapi.dll memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.5 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Adobe Shockwave Player up to 8.0.195. It has been rated as critical. This affects an unknown part in the library dirapi.dll. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2010-4188. There is no exploit available. Upgrading the affected component is advised.
Details
A vulnerability was found in Adobe Shockwave Player up to 8.0.195 (Multimedia Player Software) and classified as very critical. This issue affects an unknown function in the library dirapi.dll. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk with a size field of 0, which is used in the calculation of a file offset and causes invalid data to be used as a loop counter, triggering a heap-based buffer overflow, a different vulnerability than CVE-2010-2587 and CVE-2010-2588.
The weakness was shared 02/10/2011 by Aaron Portnoy with TippingPoint (Website). It is possible to read the advisory at adobe.com. The identification of this vulnerability is CVE-2010-4188. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details of the vulnerability are known, but there is no available exploit. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 10/16/2021).
The vulnerability scanner Nessus provides a plugin with the ID 51936 (Shockwave Player < 11.5.9.620 (APSB11-01)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows. The commercial vulnerability scanner Qualys is able to test this issue with plugin 118959 (Adobe Shockwave Player Multiple Code Execution Vulnerabilities (APSB11-01)).
Upgrading to version 8.0.196 eliminates this vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 10817.
The vulnerability is also documented in the databases at Tenable (51936), SecurityFocus (BID 46319†) and Vulnerability Center (SBV-29651†). The entries VDB-55344, VDB-56421, VDB-56417 and VDB-56416 are related to this item. Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Support
Website
- Vendor: https://www.adobe.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 10.0VulDB Meta Temp Score: 9.5
VulDB Base Score: 10.0
VulDB Temp Score: 9.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 51936
Nessus Name: Shockwave Player < 11.5.9.620 (APSB11-01)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 801846
OpenVAS Name: Adobe Shockwave Player Multiple Remote Code Execution Vulnerabilities - Feb 2011
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Shockwave Player 8.0.196
TippingPoint: 🔍
Timeline
11/05/2010 🔍02/08/2011 🔍
02/08/2011 🔍
02/09/2011 🔍
02/10/2011 🔍
02/10/2011 🔍
03/20/2015 🔍
10/16/2021 🔍
Sources
Vendor: adobe.comAdvisory: adobe.com
Researcher: Aaron Portnoy
Organization: TippingPoint
Status: Not defined
Confirmation: 🔍
CVE: CVE-2010-4188 (🔍)
GCVE (CVE): GCVE-0-2010-4188
GCVE (VulDB): GCVE-100-56399
SecurityFocus: 46319 - Adobe Shockwave Player 'dirapi.dll' Module Memory Corruption Remote Code Execution Vulnerability
Secunia: 42112
Vulnerability Center: 29651 - [APSB11-01] Adobe Shockwave Player 11 - 11.5.9.615 dirapi.dll Memory Corruption Allows Remote Code Execution, Medium
See also: 🔍
Entry
Created: 03/20/2015 16:16Updated: 10/16/2021 08:50
Changes: 03/20/2015 16:16 (62), 03/15/2017 12:29 (10), 10/16/2021 08:47 (3), 10/16/2021 08:50 (2)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.