Security Portal

Intrusion Prevention Service

 
Signature Version: 4.956

 



FILE Adobe Shockwave Director PAMI Chunk Parsing Memory Corruption (CVE-2010-2872)
 
Threat Level: High
Release Date: 2010/10/20
 
Category: Access Control
Signature ID: 1054264
Included In:
Affected OS: Windows
 
Description: A code execution vulnerability exists in Adobe Shockwave player. The vulnerability is due to insufficient sanitation while parsing an offset value in PAMI record of a Director file. Remote attackers can exploit this vulnerability by enticing target users to open a malicious DIR file using a vulnerable version of the product.
 
Impact: Remote code execution
Recommendation: Update vendor's patch.
 
False Positive: None
False Negative: None
 
Additional Information (Links open in new window):
Reference(s): CVE-2010-2872,BID:42679,SA41065,APSB10-20,ZDI-10-161
 

Search the Threat Database
Enter Rule ID or Name