VYPR
← All advisories
Unrated severityNVD Advisory· Published May 13, 2010· Updated Apr 29, 2026

CVE-2010-1292

CVE-2010-1292

Description

The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.

Affected products

17
  • Adobe Inc./Shockwave Player17 versions
    cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*+ 16 more
    • cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*range: <=11.5.6.606
    • cpe:2.3:a:adobe:shockwave_player:-:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.