CVE-2010-2866

Name of the Vulnerable Software and Affected Versions Adobe Shockwave Player versions prior to 11.5.8.612

Description The issue is related to an integer signedness error in the DIRAPI module, which can be exploited by remote attackers to cause memory corruption or execute arbitrary code. This is achieved by manipulating a count value associated with an undocumented structure and the tSAC chunk in a Director movie.

Recommendations For versions prior to 11.5.8.612, update to version 11.5.8.612 or later to resolve the issue. As a temporary workaround, consider restricting the execution of Director movies from untrusted sources until the update is applied.