CVE-2010-4188 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2010-4188

Deferred

More Info Official Page

Source-psirt@adobe.com

Published At-10 Feb, 2011 | 16:00

Updated At-11 Apr, 2025 | 00:51

The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk with a size field of 0, which is used in the calculation of a file offset and causes invalid data to be used as a loop counter, triggering a heap-based buffer overflow, a different vulnerability than CVE-2010-2587 and CVE-2010-2588.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C

CPE Matches

>>shockwave_player>>Versions up to 11.5.9.615(inclusive)

cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*

>>shockwave_player>>1.0

cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*

>>shockwave_player>>2.0

cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*

>>shockwave_player>>3.0

cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*

>>shockwave_player>>4.0

cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*

>>shockwave_player>>5.0

cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*

>>shockwave_player>>6.0

cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*

>>shockwave_player>>8.0

cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*

>>shockwave_player>>8.0.196

cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*

>>shockwave_player>>8.0.196a

cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*

>>shockwave_player>>8.0.204

cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*

>>shockwave_player>>8.0.205

cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*

>>shockwave_player>>8.5.1

cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*

>>shockwave_player>>8.5.1.100

cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*

>>shockwave_player>>8.5.1.103

cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*

>>shockwave_player>>8.5.1.105

cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*

>>shockwave_player>>8.5.1.106

cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*

>>shockwave_player>>8.5.321

cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*

>>shockwave_player>>8.5.323

cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*

>>shockwave_player>>8.5.324

cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*

>>shockwave_player>>8.5.325

cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*

>>shockwave_player>>9

cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*

>>shockwave_player>>9.0.383

cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*

>>shockwave_player>>9.0.432

cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*

>>shockwave_player>>10.0.0.210

cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*

>>shockwave_player>>10.0.1.004

cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*

>>shockwave_player>>10.1.0.11

cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*

>>shockwave_player>>10.1.0.011

cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*

>>shockwave_player>>10.1.1.016

cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*

>>shockwave_player>>10.1.4.020

cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*

>>shockwave_player>>10.2.0.021

cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*

>>shockwave_player>>10.2.0.022

cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*

>>shockwave_player>>10.2.0.023

cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*

>>shockwave_player>>11.0.0.456

cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*

>>shockwave_player>>11.0.3.471

cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*

>>shockwave_player>>11.5.0.595

cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*

>>shockwave_player>>11.5.0.596

cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*

>>shockwave_player>>11.5.1.601

cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*

>>shockwave_player>>11.5.2.602

cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*

>>shockwave_player>>11.5.6.606

cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*

>>shockwave_player>>11.5.7.609

cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*

>>shockwave_player>>11.5.8.612

cpe:2.3:a:adobe:shockwave_player:11.5.8.612:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-119	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://dvlabs.tippingpoint.com/advisory/TPTI-11-01	psirt@adobe.com	N/A
http://www.adobe.com/support/security/bulletins/apsb11-01.html	psirt@adobe.com	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/516332/100/0/threaded	psirt@adobe.com	N/A
http://www.securityfocus.com/bid/46319	psirt@adobe.com	N/A
http://www.securitytracker.com/id?1025056	psirt@adobe.com	N/A
http://www.vupen.com/english/advisories/2011/0335	psirt@adobe.com	Vendor Advisory
http://dvlabs.tippingpoint.com/advisory/TPTI-11-01	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.adobe.com/support/security/bulletins/apsb11-01.html	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/516332/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/46319	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id?1025056	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2011/0335	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory