CVSS: 9.8EPSS: 5%CPEs: 11EXPL: 0CVE-2009-2186
https://notcve.org/view.php?id=CVE-2009-2186
24 Jun 2009 — Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2009-1860, related to an older issue that "was previously resolved in Shockwave Player 11.0.0.465." Una vulnerabilidad no especificada en Adobe Shockwave Player anterior a la versión 11.0.0.465 permite que los atacantes remotos ejecuten código arbitrario por medio de vectores desconocidos, una vulnerabilidad diferente de CVE-2009-1860... • http://www.adobe.com/support/security/bulletins/apsb09-08.html •
CVSS: 9.8EPSS: 7%CPEs: 12EXPL: 0CVE-2009-1860 – Adobe Shockwave Player Director File Parsing Pointer Overwrite Vulnerability
https://notcve.org/view.php?id=CVE-2009-1860
24 Jun 2009 — Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content. Vulnerabilidad sin especificar en Adobe Shockwave Player anterior a v11.5.0.600 permite a atacantes remotos ejecutar código de su elección a través de contenido Shockwave Player 10 manipulado. This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a use... • http://secunia.com/advisories/35544 •
CVSS: 10.0EPSS: 23%CPEs: 1EXPL: 2CVE-2007-5941 – Adobe Shockwave - 'ShockwaveVersion()' Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-5941
14 Nov 2007 — Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method. Desbordamiento de búfer basado en pila en el control ActiveX SWCtl.SWCtl en Adobe Shockwave permite a atacantes remotos provocar denegación de servicio y posiblemente ejecutar código de su elección a través de un argumento largo en el método ShockwaveVersion. • https://www.exploit-db.com/exploits/4613 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 37%CPEs: 1EXPL: 0CVE-2007-5275 – Flash plugin DNS rebinding
https://notcve.org/view.php?id=CVE-2007-5275
08 Oct 2007 — The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324. La extensión Adobe Macromedia Flash... • http://crypto.stanford.edu/dns/dns-rebinding.pdf • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 37%CPEs: 9EXPL: 0CVE-2005-3525 – Adobe Macromedia ShockWave Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2005-3525
31 Dec 2005 — Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Macromedia Shockwave. Exploitation requires the target to visit a malicious web site. This specific flaw exists within the ActiveX control with CLSID 166B1BCA-3F9C-11CF-8075-4... • http://secunia.com/advisories/19009 •