Denial of Service Vulnerability in Adobe Shockwave Player and Director
CVE-2010-0128

Currently unrated

Key Information:

Vendor: Adobe
Status: Director
Vendor: CVE Published:; 13 May 2010

Summary

An integer signedness error in the dirapi.dll of Adobe Shockwave Player and Adobe Director prior to version 11.5.7.609 enables remote attackers to exploit crafted .dir files. This may lead to memory corruption, potentially allowing execution of arbitrary code or causing a denial of service. Users are urged to update their software to mitigate these risks.

References

http://secunia.com/advisories/38751

third-party-advisoryx_refsource_SECUNIA

http://www.coresecurity.com/content/adobe-director-invali...

x_refsource_MISC

http://www.securityfocus.com/archive/1/511261/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 13, 2010
Vulnerability Reserved
Jan 4, 2010