CVSS: 9.3EPSS: 15%CPEs: 43EXPL: 0CVE-2011-2119 – Adobe Shockwave rcsL String Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2119
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2122. Dirapi.dll en Adobe Shockwave Player anterior a v11.6.0.626 permite a atacantes ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. Vulnerabilidad distinta de CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335 y CVE-2011-2122. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing the rcsL RIFF chunk within Director files. • http://www.adobe.com/support/security/bulletins/apsb11-17.html http://www.us-cert.gov/cas/techalerts/TA11-166A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 43EXPL: 0CVE-2011-2109 – Adobe Shockwave Font Structure Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2109
Multiple integer overflows in Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors. Múltiples desbordamientos de entero en Dirapi.dll en Adobe Shockwave Player anterior a v11.6.0.626, permite a atacantes ejecutar código de su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Font Asset.x32 module responsible for parsing font-related structures within Director movies (.dir). The code within this module extracts and copies strings without any bounds checking. • http://osvdb.org/73033 http://www.adobe.com/support/security/bulletins/apsb11-17.html http://www.us-cert.gov/cas/techalerts/TA11-166A.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 3%CPEs: 42EXPL: 0CVE-2010-2589
https://notcve.org/view.php?id=CVE-2010-2589
Integer overflow in the dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de enteros en el módulo dirapi.dll en Adobe Shockwave Player anterior a v11.5.9.620 permite a los atacantes ejecutar código de su elección a través de vectores no especificados. • http://www.adobe.com/support/security/bulletins/apsb11-01.html http://www.securityfocus.com/bid/46329 http://www.securitytracker.com/id?1025056 http://www.vupen.com/english/advisories/2011/0335 https://exchange.xforce.ibmcloud.com/vulnerabilities/65245 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 1%CPEs: 42EXPL: 0CVE-2010-4196
https://notcve.org/view.php?id=CVE-2010-4196
The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors. El módulo Shockwave 3d Asset de Adobe Shockwave Player en versiones anteriores a la 11.5.9.620 no valida apropiadamente datos de entrada sin especificar, lo que permite a atacantes ejecutar código de su elección a través de vectores desconocidos. • http://www.adobe.com/support/security/bulletins/apsb11-01.html http://www.kb.cert.org/vuls/id/189929 http://www.securityfocus.com/bid/46338 http://www.securitytracker.com/id?1025056 http://www.vupen.com/english/advisories/2011/0335 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 1%CPEs: 42EXPL: 0CVE-2010-4194
https://notcve.org/view.php?id=CVE-2010-4194
The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors. El módulo dirapi.dll en Adobe Shockwave Player anterior a v11.5.9.620 no valida de forma adecuada datos de entrada no especificada, lo que permite a atacantes a ejecutar código de a través de vectores no especificados. • http://www.adobe.com/support/security/bulletins/apsb11-01.html http://www.kb.cert.org/vuls/id/189929 http://www.securityfocus.com/bid/46335 http://www.securitytracker.com/id?1025056 http://www.vupen.com/english/advisories/2011/0335 • CWE-20: Improper Input Validation •