CVSS: 9.3 | EPSS: 2% | CPEs: 43 | EXPL: 0

Integer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AudioMixer.x32 module responsible for parsing mixer structures from within Director movie files (.dir). While handling a size element, the code performs an unchecked multiplication operation which can cause an integer to wrap.

• http://osvdb.org/73034
• http://www.adobe.com/support/security/bulletins/apsb11-17.html
• http://www.us-cert.gov/cas/techalerts/TA11-166A.html
• CWE-189: Numeric Errors

CVSS: 9.3 | EPSS: 55% | CPEs: 43 | EXPL: 0

The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to an "input validation vulnerability."

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for embedding various file types within the RIFF-based Director file format. Several of the asset modules distributed with Shockwave do not properly extract string values from within embedded media objects.

• http://www.adobe.com/support/security/bulletins/apsb11-17.html
• http://www.us-cert.gov/cas/techalerts/TA11-166A.html
• CWE-20: Improper Input Validation