CVE-2010-0986

8.8 HIGH

Published: May 13, 2010 Modified: April 29, 2026

Description

Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://secunia.com/advisories/38751

Source: PSIRT-CNA@flexerasoftware.com

Not Applicable

http://secunia.com/secunia_research/2010-34/

Source: PSIRT-CNA@flexerasoftware.com

Not Applicable

http://www.adobe.com/support/security/bulletins/apsb10-12.html

Source: PSIRT-CNA@flexerasoftware.com

Patch Vendor Advisory

http://www.securityfocus.com/archive/1/511264/100/0/threaded

Source: PSIRT-CNA@flexerasoftware.com

Third Party Advisory VDB Entry

http://www.securityfocus.com/bid/40086

Source: PSIRT-CNA@flexerasoftware.com

Broken Link Third Party Advisory VDB Entry

http://www.vupen.com/english/advisories/2010/1128

Source: PSIRT-CNA@flexerasoftware.com

Permissions Required

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6967

Source: PSIRT-CNA@flexerasoftware.com

Third Party Advisory

http://secunia.com/advisories/38751