Security Portal

Intrusion Prevention Service

Signature Version: 4.982


FILE Adobe Shockwave Director PAMI Chunk Parsing Memory Corruption (CVE-2010-2872)
Threat Level: High
Release Date: 2010/10/20
Category: Access Control
Signature ID: 1054264
Included In:
Affected OS: Windows
Description: A code execution vulnerability exists in Adobe Shockwave player. The vulnerability is due to insufficient sanitation while parsing an offset value in PAMI record of a Director file. Remote attackers can exploit this vulnerability by enticing target users to open a malicious DIR file using a vulnerable version of the product.
Impact: Remote code execution
Recommendation: Update vendor's patch.
False Positive: None
False Negative: None
Additional Information (Links open in new window):
Reference(s): CVE-2010-2872,BID:42679,SA41065,APSB10-20,ZDI-10-161

Search the Threat Database
Enter Rule ID or Name