Weekly Vulnerabilities Reports > May 10 to 16, 2010

Overview

9 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary report vulnerabilities in 1 products from 1 vendors including and Adobe. Vulnerabilities are notably categorized as "Out-of-bounds Write", "Integer Overflow or Wraparound", and "Infinite Loop".

  • 9 reported vulnerabilities are remotely exploitables.
  • 9 reported vulnerabilities are exploitable by an anonymous user.
  • Adobe has the most reported vulnerabilities, with 9 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

8 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-05-13 CVE-2010-1283 Adobe Out-of-bounds Write vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.

8.8
2010-05-13 CVE-2010-1281 Adobe Out-of-bounds Write vulnerability in Adobe Shockwave Player

iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.

8.8
2010-05-13 CVE-2010-1280 Adobe Out-of-bounds Write vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.

8.8
2010-05-13 CVE-2010-0987 Adobe Out-of-bounds Write vulnerability in Adobe Shockwave Player

Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.

8.8
2010-05-13 CVE-2010-0986 Adobe Out-of-bounds Write vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.

8.8
2010-05-13 CVE-2010-0130 Adobe Integer Overflow or Wraparound vulnerability in Adobe Shockwave Player

Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.

8.8
2010-05-13 CVE-2010-0129 Adobe Integer Overflow or Wraparound vulnerability in Adobe Shockwave Player

Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.

8.8
2010-05-13 CVE-2010-0127 Adobe Out-of-bounds Write vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.

8.8

1 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-05-13 CVE-2010-1282 Adobe Infinite Loop vulnerability in Adobe Shockwave Player

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.

6.5

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS