Vulnerabilities > CVE-2010-2874 - Resource Management Errors vulnerability in Adobe Shockwave Player

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
adobe
CWE-399
critical
nessus
NVD
Published: 2010-09-07
Updated: 2017-09-19

Summary

Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting information and use of the same CVE identifier by the vendor, ZDI, and TippingPoint, it is not clear whether this issue is related to use of an uninitialized pointer, an incorrect pointer offset calculation, or both.

Vulnerable Configurations

Part Description Count
Application
Adobe
42

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SHOCKWAVE_PLAYER_APSB10-20.NASL
    descriptionThe remote Mac OS X host contains a version of Adobe Shockwave Player that is 11.5.7.609 or earlier. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow arbitrary code execution. (CVE-2010-2863, CVE-2010-2864, CVE-2010-2866, CVE-2010-2869, CVE-2010-2870, CVE-2010-2871, CVE-2010-2872, CVE-2010-2873, CVE-2010-2873, CVE-2010-2874, CVE-2010-2875, CVE-2010-2876, CVE-2010-2877, CVE-2010-2878, CVE-2010-2880, CVE-2010-2881, CVE-2010-2882) - A pointer offset vulnerability exists that allows code execution. (CVE-2010-2867) - Multiple unspecified denial of service issues exist. (CVE-2010-2865, CVE-2010-2868) - An integer overflow vulnerability exists that allows to code execution. (CVE-2010-2879)
    last seen2020-06-01
    modified2020-06-02
    plugin id80173
    published2014-12-22
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80173
    titleAdobe Shockwave Player <= 11.5.7.609 (APSB10-20) (Mac OS X)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(80173);
  script_version("1.4");
  script_cvs_date("Date: 2019/11/25");

  script_cve_id(
    "CVE-2010-2863",
    "CVE-2010-2864",
    "CVE-2010-2865",
    "CVE-2010-2866",
    "CVE-2010-2867",
    "CVE-2010-2868",
    "CVE-2010-2869",
    "CVE-2010-2870",
    "CVE-2010-2871",
    "CVE-2010-2872",
    "CVE-2010-2873",
    "CVE-2010-2874",
    "CVE-2010-2875",
    "CVE-2010-2876",
    "CVE-2010-2877",
    "CVE-2010-2878",
    "CVE-2010-2879",
    "CVE-2010-2880",
    "CVE-2010-2881",
    "CVE-2010-2882"
  );
  script_bugtraq_id(
    42664,
    42665,
    42666,
    42667,
    42668,
    42669,
    42670,
    42671,
    42672,
    42673,
    42674,
    42675,
    42676,
    42677,
    42678,
    42679,
    42680,
    42682,
    42683,
    42684
  );

  script_name(english:"Adobe Shockwave Player <= 11.5.7.609 (APSB10-20) (Mac OS X)");
  script_summary(english:"Checks the version of Shockwave Player.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host contains a web browser plugin that is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Mac OS X host contains a version of Adobe Shockwave Player
that is 11.5.7.609 or earlier. It is, therefore, affected by multiple
vulnerabilities :

  - Multiple memory corruption issues exist that allow
    arbitrary code execution. (CVE-2010-2863,
    CVE-2010-2864, CVE-2010-2866, CVE-2010-2869,
    CVE-2010-2870, CVE-2010-2871, CVE-2010-2872,
    CVE-2010-2873, CVE-2010-2873, CVE-2010-2874,
    CVE-2010-2875, CVE-2010-2876, CVE-2010-2877,
    CVE-2010-2878, CVE-2010-2880, CVE-2010-2881,
    CVE-2010-2882)

  - A pointer offset vulnerability exists that allows code
    execution. (CVE-2010-2867)

  - Multiple unspecified denial of service issues exist.
    (CVE-2010-2865, CVE-2010-2868)

  - An integer overflow vulnerability exists that allows
    to code execution. (CVE-2010-2879)");
  script_set_attribute(attribute:"see_also", value:"http://www.adobe.com/support/security/bulletins/apsb10-20.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Shockwave 11.5.8.612 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2010-2863");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/08/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/08/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:shockwave_player");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("shockwave_player_detect_macosx.nbin");
  script_require_keys("installed_sw/Shockwave Player", "Host/MacOSX/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

os = get_kb_item("Host/MacOSX/Version");
if (!os) audit(AUDIT_OS_NOT, "Mac OS X");

app = 'Shockwave Player';

get_install_count(app_name:app, exit_if_zero:TRUE);

install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);

ver = install['version'];
path = install['path'];

if (ver_compare(ver:ver, fix:'11.5.7.609', strict:FALSE) <= 0)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + ver +
      '\n  Fixed versions    : 11.5.8.612' +
      '\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(port:0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);
  • NASL familyWindows
    NASL idSHOCKWAVE_PLAYER_APSB10-20.NASL
    descriptionThe remote Windows host contains a version of Adobe
    last seen2020-06-01
    modified2020-06-02
    plugin id48436
    published2010-08-25
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48436
    titleShockwave Player < 11.5.8.612

Oval

accepted2014-11-10T04:00:21.623-05:00
classvulnerability
contributors
  • nameJ. Daniel Brown
    organizationDTCC
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
commentAdobe Shockwave Player is installed
ovaloval:org.mitre.oval:def:5990
descriptionUnspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting information and use of the same CVE identifier by the vendor, ZDI, and TippingPoint, it is not clear whether this issue is related to use of an uninitialized pointer, an incorrect pointer offset calculation, or both.
familywindows
idoval:org.mitre.oval:def:11924
statusaccepted
submitted2010-08-25T17:30:00.000-05:00
titleAdobe Shockwave Player Memory Corruption Vulnerability
version6

References