Vulnerability Note VU#189929
Adobe Shockwave 184.108.40.2065 contains multiple memory corruption vulnerabilities
Adobe Shockwave Player 220.127.116.115 and earlier versions on the Windows and Macintosh operating systems contain critical vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe Director. Shockwave Player is available as an ActiveX control for Internet Explorer and as a plug-in for other web browsers.
Multiple vulnerabilities have been discovered in Shockwave Player and its Xtra components that can be exploited by an attacker to execute arbitrary code on a user's system. More details are available in Adobe Security Bulletin APSB11-01.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), Microsoft Office document, or any other document that supports embedded Shockwave content, an attacker may be able to execute arbitrary code
Apply an update
Limit access to Director files
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Adobe||Unknown||27 Oct 2010||27 Oct 2010|
CVSS Metrics (Learn More)
These vulnerabilities were reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
- CVE IDs: CVE-2010-4093 CVE-2010-4193 CVE-2010-4194 CVE-2010-4195 CVE-2010-4196
- Date Public: 08 Feb 2011
- Date First Published: 11 Feb 2011
- Date Last Updated: 28 Mar 2012
- Severity Metric: 7.65
- Document Revision: 10
If you have feedback, comments, or additional information about this vulnerability, please send us email.