CVE-2010-1289
https://notcve.org/view.php?id=CVE-2010-1289
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291. Adobe Shockwave Player en versiones anteriores a la 11.5.7.609 permite a atacantes provocar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código de su elección mediante vectores no especificados, una vulnerabilidad diferente a CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291. • http://secunia.com/advisories/38751 http://www.adobe.com/support/security/bulletins/apsb10-12.html http://www.securityfocus.com/bid/40087 http://www.vupen.com/english/advisories/2010/1128 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6652 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-1292 – Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1292
The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. La validación de los paquetes de pami RIFF en Adobe Shockwave Player anterior a v11.5.7.609 no valida un valor determinado desde un fichero antes de realizar los cálculos del puntero al fichero, el cuál permite a atacantes remotos ejecutar código a su elección o causar una denegación del servicio (corrupción de memoria) a través de la manipulación del fichero .dir (conocido como Director) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing Director files. When the application parses the pami RIFF chunk, it trusts an offset value and seeks into the file data. If provided with signed values in the data at the given offset, the process can be made to incorrectly calculate a pointer and operate on the data at it's location. • http://secunia.com/advisories/38751 http://www.adobe.com/support/security/bulletins/apsb10-12.html http://www.securityfocus.com/archive/1/511242/100/0/threaded http://www.vupen.com/english/advisories/2010/1128 http://www.zerodayinitiative.com/advisories/ZDI-10-089 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7416 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2000-0041
https://notcve.org/view.php?id=CVE-2000-0041
Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack. • http://www.securityfocus.com/bid/890 •
CVE-1999-1077
https://notcve.org/view.php?id=CVE-1999-1077
Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock. • http://marc.info/?l=bugtraq&m=94149318124548&w=2 http://www.securityfocus.com/bid/756 •
CVE-1999-1076
https://notcve.org/view.php?id=CVE-1999-1076
Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session. • http://marc.info/?l=bugtraq&m=94096348604173&w=2 http://www.securityfocus.com/bid/745 •