CVSS: 10.0EPSS: 5%CPEs: 23EXPL: 0CVE-2010-1292 – Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1292
11 May 2010 — The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. La validación de los paquetes de pami RIFF en Adobe Shockwave Player anterior a v11.5.7.609 no valida un valor determinado desde un fichero antes de realizar los cálculos del puntero al... • http://secunia.com/advisories/38751 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 10%CPEs: 3EXPL: 0CVE-2010-1283 – Adobe Shockwave Player 0xFFFFFF49 Record Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1283
11 May 2010 — Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record. Adobe Shockwave Player anterior a v11.5.7.609 no parsea adcuadamente objetos 3D en ficheros .dir (conocido como Director), los cuales permiten a atacantes remotos ejecutar código aleatorio o causar una denegación del servicio (corrupción de la memoria... • http://secunia.com/advisories/38751 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 17%CPEs: 15EXPL: 0CVE-2009-4003
https://notcve.org/view.php?id=CVE-2009-4003
21 Jan 2010 — Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption. Múltiples desbordamiento de búfer basados en entero en Adobe Shockwave P... • http://secunia.com/advisories/37888 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 21%CPEs: 15EXPL: 0CVE-2009-4002
https://notcve.org/view.php?id=CVE-2009-4002
21 Jan 2010 — Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file. Desbordamiento de búfer basado en memoria dinámica (heap) en Adobe Shockwave Player anterior a v11.5.6.606, permite a atacantes remotos ejecutar código de su elección a través de un modelo manipulado en 3D en un archivo Shockwave • http://secunia.com/advisories/37888 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 7%CPEs: 14EXPL: 0CVE-2009-3463
https://notcve.org/view.php?id=CVE-2009-3463
04 Nov 2009 — Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information. Error de indexación de array en Adobe Shockwave Player anterior a v11.5.2.602, permite a atacantes remotos ejecutar código de su elección a través de un contenido Shockwave manipulado en un sitios web. NOTA: algunos de estos detalles han sido obtenidos a partir de información de terc... • http://securitytracker.com/id?1023123 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 4%CPEs: 14EXPL: 0CVE-2009-3466
https://notcve.org/view.php?id=CVE-2009-3466
04 Nov 2009 — Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information. Adobe Shockwave Player anterior a v11.5.2.602, permite a atacantes remotos ejecutar código de su elección a través de una página web manipulada que provoca una corrupción de memoria. Relacionado con la "vulnerabilidad de longitud de cadena i... • http://securitytracker.com/id?1023123 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 11%CPEs: 14EXPL: 0CVE-2009-3464
https://notcve.org/view.php?id=CVE-2009-3464
04 Nov 2009 — Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information. Adobe Shockwave Player anerior a v11.5.2.602, permite a atacantes remotos ejecutar código de su elección a través un contenido Shockwave manipulado en una página web. Relacionado con la "vulnerabilidad de puntero inválid... • http://securitytracker.com/id?1023123 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 11%CPEs: 14EXPL: 0CVE-2009-3465
https://notcve.org/view.php?id=CVE-2009-3465
04 Nov 2009 — Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information. Adobe Shockwave Player anerior a v11.5.2.602, permite a atacantes remotos ejecutar código de su elección a través un contenido Shockwave manipulado en una página web. Relacionado con la "vulnerabilidad de puntero inválid... • http://securitytracker.com/id?1023123 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 46%CPEs: 41EXPL: 3CVE-2009-3244 – Adobe Shockwave Player 11.5.1.601 - Multiple Code Executions
https://notcve.org/view.php?id=CVE-2009-3244
18 Sep 2009 — Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value. Un desbordamiento de búfer en la región heap de la memoria en el control ActiveX de la biblioteca SwDir.dll en Shockwave Player de Adobe versiones 11.5.1.601 y anteriores, permite a los atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbi... • https://www.exploit-db.com/exploits/10093 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 5%CPEs: 11EXPL: 0CVE-2009-2186
https://notcve.org/view.php?id=CVE-2009-2186
24 Jun 2009 — Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2009-1860, related to an older issue that "was previously resolved in Shockwave Player 11.0.0.465." Una vulnerabilidad no especificada en Adobe Shockwave Player anterior a la versión 11.0.0.465 permite que los atacantes remotos ejecuten código arbitrario por medio de vectores desconocidos, una vulnerabilidad diferente de CVE-2009-1860... • http://www.adobe.com/support/security/bulletins/apsb09-08.html •