Strix
26.1K

CVE-2010-2582

UnknownEPSS 7.95%

Last modified

CVE-2010-2582 is a vulnerability of currently unknown severity. An unspecified function in TextXtra.x32 in Adobe Shockwave Player before 11.5.9.615 does not properly reallocate a buffer when processing a DEMX chunk in a Director file, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code.. EPSS estimates a 7.95% chance of exploitation in the next 30 days.

Description

An unspecified function in TextXtra.x32 in Adobe Shockwave Player before 11.5.9.615 does not properly reallocate a buffer when processing a DEMX chunk in a Director file, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code.

Metrics

EPSS Probability
7.95%

94.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AdobeShockwave Player<= 11.5.8.612
AdobeShockwave Player1.0
AdobeShockwave Player2.0
AdobeShockwave Player3.0
AdobeShockwave Player4.0
AdobeShockwave Player5.0
AdobeShockwave Player6.0
AdobeShockwave Player8.0
AdobeShockwave Player8.0.196
AdobeShockwave Player8.0.196a
AdobeShockwave Player8.0.204
AdobeShockwave Player8.0.205
AdobeShockwave Player8.5.1
AdobeShockwave Player8.5.1.100
AdobeShockwave Player8.5.1.103
AdobeShockwave Player8.5.1.105
AdobeShockwave Player8.5.1.106
AdobeShockwave Player8.5.321
AdobeShockwave Player8.5.323
AdobeShockwave Player8.5.324
AdobeShockwave Player8.5.325
AdobeShockwave Player9
AdobeShockwave Player9.0.383
AdobeShockwave Player9.0.432
AdobeShockwave Player10.0.0.210
AdobeShockwave Player10.0.1.004
AdobeShockwave Player10.1.0.11
AdobeShockwave Player10.1.0.011
AdobeShockwave Player10.1.1.016
AdobeShockwave Player10.1.4.020
AdobeShockwave Player10.2.0.021
AdobeShockwave Player10.2.0.022
AdobeShockwave Player10.2.0.023
AdobeShockwave Player11.0.0.456
AdobeShockwave Player11.0.3.471
AdobeShockwave Player11.5.0.595
AdobeShockwave Player11.5.0.596
AdobeShockwave Player11.5.1.601
AdobeShockwave Player11.5.2.602
AdobeShockwave Player11.5.6.606
AdobeShockwave Player11.5.7.609

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2010-2582?
An unspecified function in TextXtra.x32 in Adobe Shockwave Player before 11.5.9.615 does not properly reallocate a buffer when processing a DEMX chunk in a Director file, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code.
How severe is CVE-2010-2582?
Severity scoring for CVE-2010-2582 is pending analysis. The EPSS model estimates a 7.95% probability of exploitation in the next 30 days.
How do I fix CVE-2010-2582?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-2582?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST