Vulnerabilities > CVE-2010-4092 - Resource Management Errors vulnerability in Adobe Shockwave Player

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an unloaded library. NOTE: some of these details are obtained from third party information.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SHOCKWAVE_PLAYER_APSB11-01.NASL
    descriptionThe remote Mac OS X host contains a version of Adobe Shockwave Player that is 11.5.9.615 or earlier. It is, therefore, affected by multiple vulnerabilities : - Several unspecified errors exist in the
    last seen2020-06-01
    modified2020-06-02
    plugin id80175
    published2014-12-22
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80175
    titleAdobe Shockwave Player <= 11.5.9.615 (APSB11-01) (Mac OS X)
  • NASL familyWindows
    NASL idSHOCKWAVE_PLAYER_APSB11-01.NASL
    descriptionThe remote Windows host contains a version of Adobe
    last seen2020-06-01
    modified2020-06-02
    plugin id51936
    published2011-02-10
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51936
    titleShockwave Player < 11.5.9.620 (APSB11-01)

Oval

accepted2014-11-10T04:00:18.193-05:00
classvulnerability
contributors
  • nameSecPod Team
    organizationSecPod Technologies
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
commentAdobe Shockwave Player is installed
ovaloval:org.mitre.oval:def:5990
descriptionUse-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an unloaded library. NOTE: some of these details are obtained from third party information.
familywindows
idoval:org.mitre.oval:def:11548
statusaccepted
submitted2010-11-22T12:46:28
titleUse-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player 11.5.9.615
version71