Strix
26.1K

CVE-2010-2873

UnknownEPSS 6.25%

Last modified

CVE-2010-2873 is a vulnerability of currently unknown severity. Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.. EPSS estimates a 6.25% chance of exploitation in the next 30 days.

Description

Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.

Metrics

EPSS Probability
6.25%

92.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AdobeShockwave Player<= 11.5.7.609
AdobeShockwave Player1.0
AdobeShockwave Player2.0
AdobeShockwave Player3.0
AdobeShockwave Player4.0
AdobeShockwave Player5.0
AdobeShockwave Player6.0
AdobeShockwave Player8.0
AdobeShockwave Player8.0.196
AdobeShockwave Player8.0.196a
AdobeShockwave Player8.0.204
AdobeShockwave Player8.0.205
AdobeShockwave Player8.5.1
AdobeShockwave Player8.5.1.100
AdobeShockwave Player8.5.1.103
AdobeShockwave Player8.5.1.105
AdobeShockwave Player8.5.1.106
AdobeShockwave Player8.5.321
AdobeShockwave Player8.5.323
AdobeShockwave Player8.5.324
AdobeShockwave Player8.5.325
AdobeShockwave Player9
AdobeShockwave Player9.0.383
AdobeShockwave Player9.0.432
AdobeShockwave Player10.0.0.210
AdobeShockwave Player10.0.1.004
AdobeShockwave Player10.1.0.11
AdobeShockwave Player10.1.0.011
AdobeShockwave Player10.1.1.016
AdobeShockwave Player10.1.4.020
AdobeShockwave Player10.2.0.021
AdobeShockwave Player10.2.0.022
AdobeShockwave Player10.2.0.023
AdobeShockwave Player11.0.0.456
AdobeShockwave Player11.0.3.471
AdobeShockwave Player11.5.0.595
AdobeShockwave Player11.5.0.596
AdobeShockwave Player11.5.1.601
AdobeShockwave Player11.5.2.602
AdobeShockwave Player11.5.6.606

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2010-2873?
Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
How severe is CVE-2010-2873?
Severity scoring for CVE-2010-2873 is pending analysis. The EPSS model estimates a 6.25% probability of exploitation in the next 30 days.
How do I fix CVE-2010-2873?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-2873?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST