CVSS: 9.3EPSS: 2%CPEs: 43EXPL: 0CVE-2011-2112 – Adobe Shockwave DEMX Chunk Multiple Field Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2112
Multiple buffer overflows in IML32.dll in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer en IML32.dll de Adobe Shockwave Player con anterioridad a v11.6.0.626, permite a atacantes remotos provocar una denegación de servicio (caída) o ejecutar código de su elección mediante vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the TextXtra.x32 module responsible for parsing text elements within RIFF-based Director files. The code within this module trusts various length and count values present in the file. • http://www.adobe.com/support/security/bulletins/apsb11-17.html http://www.us-cert.gov/cas/techalerts/TA11-166A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 43EXPL: 0CVE-2011-2121 – Adobe Shockwave AudioMixer Structure Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2121
Integer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de entero en Adobe Shockwave Player anterior a 11.6.0.626, permite a atacantes ejecutar código de su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within AudioMixer.x32 module responsible for parsing mixer structures from within Director movie files (.dir). While handling a size element, the code performs an unchecked multiplication operation which can cause an integer to wrap. • http://osvdb.org/73034 http://www.adobe.com/support/security/bulletins/apsb11-17.html http://www.us-cert.gov/cas/techalerts/TA11-166A.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 55%CPEs: 43EXPL: 0CVE-2011-2118 – Adobe Shockwave tSAC Chunk String Termination Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2118
The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to an "input validation vulnerability." El componente FLV ASSET Xtra en Adobe Shockwave Player anterior a v11.6.0.626 permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos, relacionada con una "vulnerabilidad de validación de entrada". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for embedding various file types within the RIFF-based Director file format. Several of the asset modules distributed with Shockwave do not properly extract string values from within embedded media objects. • http://www.adobe.com/support/security/bulletins/apsb11-17.html http://www.us-cert.gov/cas/techalerts/TA11-166A.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 3%CPEs: 42EXPL: 0CVE-2010-2587
https://notcve.org/view.php?id=CVE-2010-2587
The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2588 and CVE-2010-4188. El módulo dirapi.dll en Adobe Shockwave Player anterior a v11.5.9.620 permite a los atacantes ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente que CVE-2010-2588 y CVE-2010-4188. • http://www.adobe.com/support/security/bulletins/apsb11-01.html http://www.securityfocus.com/bid/46316 http://www.securitytracker.com/id?1025056 http://www.vupen.com/english/advisories/2011/0335 https://exchange.xforce.ibmcloud.com/vulnerabilities/65243 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 42EXPL: 0CVE-2010-4093
https://notcve.org/view.php?id=CVE-2010-4093
Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306. Adobe Shockwave Player anterior a v11.5.9.620 permite a atacantes a ejecutar código o provocar una denegación de servicio (corrupción de memoria) a través de vectores no específicos, vulnerabilidad diferente a CVE-2011-0555, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, y CVE-2010-4306. • http://www.adobe.com/support/security/bulletins/apsb11-01.html http://www.kb.cert.org/vuls/id/189929 http://www.securityfocus.com/bid/46321 http://www.securitytracker.com/id?1025056 http://www.vupen.com/english/advisories/2011/0335 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •