Strix
26.1K

CVE-2010-2874

UnknownEPSS 4.52%

Last modified

CVE-2010-2874 is a vulnerability of currently unknown severity. Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting information and use of the same CVE identifier by the vendor, ZDI, and TippingPoint, it is not clear whether this issue is related to use of an uninitialized pointer, an incorrect pointer offset calculation, or both.. EPSS estimates a 4.52% chance of exploitation in the next 30 days.

Description

Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting information and use of the same CVE identifier by the vendor, ZDI, and TippingPoint, it is not clear whether this issue is related to use of an uninitialized pointer, an incorrect pointer offset calculation, or both.

Metrics

EPSS Probability
4.52%

90.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AdobeShockwave Player<= 11.5.7.609
AdobeShockwave Player1.0
AdobeShockwave Player2.0
AdobeShockwave Player3.0
AdobeShockwave Player4.0
AdobeShockwave Player5.0
AdobeShockwave Player6.0
AdobeShockwave Player8.0
AdobeShockwave Player8.0.196
AdobeShockwave Player8.0.196a
AdobeShockwave Player8.0.204
AdobeShockwave Player8.0.205
AdobeShockwave Player8.5.1
AdobeShockwave Player8.5.1.100
AdobeShockwave Player8.5.1.103
AdobeShockwave Player8.5.1.105
AdobeShockwave Player8.5.1.106
AdobeShockwave Player8.5.321
AdobeShockwave Player8.5.323
AdobeShockwave Player8.5.324
AdobeShockwave Player8.5.325
AdobeShockwave Player9
AdobeShockwave Player9.0.383
AdobeShockwave Player9.0.432
AdobeShockwave Player10.0.0.210
AdobeShockwave Player10.0.1.004
AdobeShockwave Player10.1.0.11
AdobeShockwave Player10.1.0.011
AdobeShockwave Player10.1.1.016
AdobeShockwave Player10.1.4.020
AdobeShockwave Player10.2.0.021
AdobeShockwave Player10.2.0.022
AdobeShockwave Player10.2.0.023
AdobeShockwave Player11.0.0.456
AdobeShockwave Player11.0.3.471
AdobeShockwave Player11.5.0.595
AdobeShockwave Player11.5.0.596
AdobeShockwave Player11.5.1.601
AdobeShockwave Player11.5.2.602
AdobeShockwave Player11.5.6.606

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2010-2874?
Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting information and use of the same CVE identifier by the vendor, ZDI, and TippingPoint, it is not clear whether this issue is related to use of an uninitialized pointer, an incorrect pointer offset calculation, or both.
How severe is CVE-2010-2874?
Severity scoring for CVE-2010-2874 is pending analysis. The EPSS model estimates a 4.52% probability of exploitation in the next 30 days.
How do I fix CVE-2010-2874?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-2874?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST