CVE-2010-4190

Adobe Shockwave CSWV Chunk Substructure Offset Value Remote Code Execution Vulnerability

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted CSWV RIFF chunk that causes an incorrect calculation of an offset for a substructure, which causes an out-of-bounds "seek" of heap memory, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306.

Adobe Shockwave Player en versiones anteriores a la 11.5.9.620 permite que los atacantes ejecuten código arbitrario o provoquen una denegación de servicio (corrupción de memoria) mediante una película Director con un fragmento RIFF CSWV que provoca un cálculo incorrecto de un desplazamiento para una subestructura, lo que provoca un "seek" fuera de límites de la memoria dinámica (heap). Esta vulnerabilidad es diferente de CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4191, CVE-2010-4192 y CVE-2010-4306.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the code responsible for parsing substructures referenced by the CSWV RIFF chunk. An offset is improperly calculated from several elements of a substructure. By crafting a director file in a particular way, an attacker can cause the process to seek out of the bounds of a heap allocation. Due to the way the process continues to manipulate memory, an attacker can force reliable corruption that can be leveraged to execute arbitrary code under the context of the user running the browser.

*Credits: Aniway (Aniway.Anyway@gmail.com)Luigi Auriemma

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-11-05 CVE Reserved
2011-02-08 CVE Published
2024-05-26 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (6)

URL	Tag	Source
http://www.securityfocus.com/archive/1/516324/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/46324	Vdb Entry
http://www.securitytracker.com/id?1025056	Vdb Entry
http://www.zerodayinitiative.com/advisories/ZDI-11-080	X_refsource_misc

URL	Date	SRC

URL	Date	SRC
http://www.adobe.com/support/security/bulletins/apsb11-01.html	2018-10-11

URL	Date	SRC
http://www.vupen.com/english/advisories/2011/0335	2018-10-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				<= 11.5.9.615 Search vendor "Adobe" for product "Shockwave Player" and version " <= 11.5.9.615"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				1.0 Search vendor "Adobe" for product "Shockwave Player" and version "1.0"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				2.0 Search vendor "Adobe" for product "Shockwave Player" and version "2.0"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				3.0 Search vendor "Adobe" for product "Shockwave Player" and version "3.0"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				4.0 Search vendor "Adobe" for product "Shockwave Player" and version "4.0"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				5.0 Search vendor "Adobe" for product "Shockwave Player" and version "5.0"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				6.0 Search vendor "Adobe" for product "Shockwave Player" and version "6.0"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				8.0 Search vendor "Adobe" for product "Shockwave Player" and version "8.0"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				8.0.196 Search vendor "Adobe" for product "Shockwave Player" and version "8.0.196"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				8.0.196a Search vendor "Adobe" for product "Shockwave Player" and version "8.0.196a"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				8.0.204 Search vendor "Adobe" for product "Shockwave Player" and version "8.0.204"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				8.0.205 Search vendor "Adobe" for product "Shockwave Player" and version "8.0.205"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				8.5.1 Search vendor "Adobe" for product "Shockwave Player" and version "8.5.1"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				8.5.1.100 Search vendor "Adobe" for product "Shockwave Player" and version "8.5.1.100"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				8.5.1.103 Search vendor "Adobe" for product "Shockwave Player" and version "8.5.1.103"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				8.5.1.105 Search vendor "Adobe" for product "Shockwave Player" and version "8.5.1.105"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				8.5.1.106 Search vendor "Adobe" for product "Shockwave Player" and version "8.5.1.106"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				8.5.321 Search vendor "Adobe" for product "Shockwave Player" and version "8.5.321"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				8.5.323 Search vendor "Adobe" for product "Shockwave Player" and version "8.5.323"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				8.5.324 Search vendor "Adobe" for product "Shockwave Player" and version "8.5.324"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				8.5.325 Search vendor "Adobe" for product "Shockwave Player" and version "8.5.325"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				9 Search vendor "Adobe" for product "Shockwave Player" and version "9"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				9.0.383 Search vendor "Adobe" for product "Shockwave Player" and version "9.0.383"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				9.0.432 Search vendor "Adobe" for product "Shockwave Player" and version "9.0.432"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				10.0.0.210 Search vendor "Adobe" for product "Shockwave Player" and version "10.0.0.210"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				10.0.1.004 Search vendor "Adobe" for product "Shockwave Player" and version "10.0.1.004"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				10.1.0.11 Search vendor "Adobe" for product "Shockwave Player" and version "10.1.0.11"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				10.1.0.011 Search vendor "Adobe" for product "Shockwave Player" and version "10.1.0.011"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				10.1.1.016 Search vendor "Adobe" for product "Shockwave Player" and version "10.1.1.016"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				10.1.4.020 Search vendor "Adobe" for product "Shockwave Player" and version "10.1.4.020"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				10.2.0.021 Search vendor "Adobe" for product "Shockwave Player" and version "10.2.0.021"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				10.2.0.022 Search vendor "Adobe" for product "Shockwave Player" and version "10.2.0.022"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				10.2.0.023 Search vendor "Adobe" for product "Shockwave Player" and version "10.2.0.023"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				11.0.0.456 Search vendor "Adobe" for product "Shockwave Player" and version "11.0.0.456"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				11.0.3.471 Search vendor "Adobe" for product "Shockwave Player" and version "11.0.3.471"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				11.5.0.595 Search vendor "Adobe" for product "Shockwave Player" and version "11.5.0.595"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				11.5.0.596 Search vendor "Adobe" for product "Shockwave Player" and version "11.5.0.596"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				11.5.1.601 Search vendor "Adobe" for product "Shockwave Player" and version "11.5.1.601"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				11.5.2.602 Search vendor "Adobe" for product "Shockwave Player" and version "11.5.2.602"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				11.5.6.606 Search vendor "Adobe" for product "Shockwave Player" and version "11.5.6.606"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				11.5.7.609 Search vendor "Adobe" for product "Shockwave Player" and version "11.5.7.609"		-		Affected
Adobe Search vendor "Adobe"		Shockwave Player Search vendor "Adobe" for product "Shockwave Player"				11.5.8.612 Search vendor "Adobe" for product "Shockwave Player" and version "11.5.8.612"		-		Affected