IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with a crafted mmap record containing an invalid length of a VSWV entry, a different vulnerability than CVE-2010-4089.
Publish Date : 2010-10-29 Last Update Date : 2011-10-12
| Cvss Score |
9.3 |
| Confidentiality Impact |
Complete
(There is total information disclosure, resulting in all system files being revealed.) |
| Integrity Impact |
Complete
(There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.) |
| Availability Impact |
Complete
(There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.) |
| Access Complexity |
Medium
(The access conditions are somewhat specialized. Some preconditions must be satistified to exploit) |
| Authentication |
Not required
(Authentication is not required to exploit the vulnerability.) |
| Gained Access |
None |
| Vulnerability Type(s) |
Denial Of ServiceExecute CodeOverflowMemory corruption |
| CWE ID |
119 |
| Title |
Definition Id |
Class |
Family |
|
Denial of service in IML32.dll in Adobe Shockwave Player before 11.5.9.615 via a .dir file with a crafted mmap record co... |
oval:org.mitre.oval:def:12093 |
|
windows |
|
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify
a vulnerability or a missing patch. Check out the OVAL definitions
if you want to learn what you should do to verify a vulnerability.
