CVE-2011-2119 – Adobe Shockwave rcsL String Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2119
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2122. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing the rcsL RIFF chunk within Director files.
• http://www.adobe.com/support/security/bulletins/apsb11-17.html http://www.us-cert.gov/cas/techalerts/TA11-166A.html
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2109 – Adobe Shockwave Font Structure Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2109
Multiple integer overflows in Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Font Asset.x32 module responsible for parsing font-related structures within Director movies (.dir). The code within this module extracts and copies strings without any bounds checking.
• http://osvdb.org/73033 http://www.adobe.com/support/security/bulletins/apsb11-17.html http://www.us-cert.gov/cas/techalerts/TA11-166A.html
• CWE-189: Numeric Errors