Vulnerabilities > CVE-2010-4092 - Resource Management Errors vulnerability in Adobe Shockwave Player
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an unloaded library. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SHOCKWAVE_PLAYER_APSB11-01.NASL description The remote Mac OS X host contains a version of Adobe Shockwave Player that is 11.5.9.615 or earlier. It is, therefore, affected by multiple vulnerabilities : - Several unspecified errors exist in the last seen 2020-06-01 modified 2020-06-02 plugin id 80175 published 2014-12-22 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80175 title Adobe Shockwave Player <= 11.5.9.615 (APSB11-01) (Mac OS X) NASL family Windows NASL id SHOCKWAVE_PLAYER_APSB11-01.NASL description The remote Windows host contains a version of Adobe last seen 2020-06-01 modified 2020-06-02 plugin id 51936 published 2011-02-10 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51936 title Shockwave Player < 11.5.9.620 (APSB11-01)
Oval
| accepted | 2014-11-10T04:00:18.193-05:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an unloaded library. NOTE: some of these details are obtained from third party information. | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:11548 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-11-22T12:46:28 | ||||||||||||
| title | Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player 11.5.9.615 | ||||||||||||
| version | 71 |
References
- http://osvdb.org/68982
- http://secunia.com/advisories/42112
- http://www.adobe.com/support/security/bulletins/apsb11-01.html
- http://www.securityfocus.com/bid/44617
- http://www.securitytracker.com/id?1025056
- http://www.vupen.com/english/advisories/2011/0335
- https://exchange.xforce.ibmcloud.com/vulnerabilities/62978
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11548