cpe:/a:adobe:shockwave_player:1.0 cpe:/a:adobe:shockwave_player:2.0 cpe:/a:adobe:shockwave_player:3.0 cpe:/a:adobe:shockwave_player:4.0 cpe:/a:adobe:shockwave_player:5.0 cpe:/a:adobe:shockwave_player:6.0 cpe:/a:adobe:shockwave_player:8.0 cpe:/a:adobe:shockwave_player:8.5.1 cpe:/a:adobe:shockwave_player:9 cpe:/a:adobe:shockwave_player:10.1.0.11 cpe:/a:adobe:shockwave_player:11.0.0.456 cpe:/a:adobe:shockwave_player:11.5.0.595 cpe:/a:adobe:shockwave_player:11.5.0.596 cpe:/a:adobe:shockwave_player:11.5.1.601 cpe:/a:adobe:shockwave_player:11.5.2.602 cpe:/a:adobe:shockwave_player:11.5.6.606 CVE-2010-1292 2010-05-13T13:30:02.157-04:00 2017-09-18T21:30:40.393-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-05-14T13:17:00.000-04:00 BUGTRAQ 20100511 ZDI-10-089: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability SECUNIA 38751 VUPEN ADV-2010-1128 CONFIRM http://www.adobe.com/support/security/bulletins/apsb10-12.html MISC http://www.zerodayinitiative.com/advisories/ZDI-10-089/ The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.