CVSS: 9.3EPSS: 13%CPEs: 41EXPL: 0CVE-2010-2581
https://notcve.org/view.php?id=CVE-2010-2581
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director file containing a crafted pamm chunk with an invalid (1) size and (2) number of sub-chunks, a different vulnerability than CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088. La biblioteca dirapi.dll en Shockwave Player de Adobe anterior a versión 11.5.9.615, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) por medio de un archivo Director que contiene un fragmento pamm especialmente diseñado con un (1) tamaño y (2) número de sub fragmentos no válidos, una vulnerabilidad diferente de CVE-2010-4084, CVE-2010-4085, CVE-2010-4086 y CVE-2010-4088. • http://secunia.com/secunia_research/2010-113 http://www.adobe.com/support/security/bulletins/apsb10-25.html http://www.securityfocus.com/archive/1/514559/100/0/threaded http://www.securitytracker.com/id?1024664 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12185 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 12%CPEs: 41EXPL: 0CVE-2010-4084
https://notcve.org/view.php?id=CVE-2010-4084
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088. dirapi.dll en Adobe Shockwave Player anterior a v11.5.9.615 permite a los atacantes ejecutar código a su elección o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente que CVE-2010-2581, CVE-2010-4085, CVE-2010-4086, y CVE-2010-4088. • http://www.adobe.com/support/security/bulletins/apsb10-25.html http://www.securitytracker.com/id?1024664 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12265 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 62%CPEs: 41EXPL: 0CVE-2010-3655 – Adobe Shockwave Player Lnam Chunk String Processing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3655
Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en pila en dirapi.dll de Adobe Shockwave Player anterior a v11.5.9.615 permite a los atacantes ejecutar código a su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for parsing Director movies. The .dir format is RIFF-based and is parsed mainly by the dirapi.dll module distributed with Shockwave. • http://www.adobe.com/support/security/bulletins/apsb10-25.html http://www.securitytracker.com/id?1024664 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12077 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 7%CPEs: 41EXPL: 0CVE-2010-4090 – Adobe Shockwave Player Director File SetVertexArray Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4090
Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Shockwave Player anterior a v11.5.9.615 permite a los atacantes ejecutar código a su elección o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within code responsible for parsing Director files (.dir). When handling the 3D record type 0xFFFFFF89. • http://www.adobe.com/support/security/bulletins/apsb10-25.html http://www.securitytracker.com/id?1024664 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12199 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 88%CPEs: 40EXPL: 4CVE-2010-3653 – Adobe Shockwave Player - rcsL Memory Corruption
https://notcve.org/view.php?id=CVE-2010-3653
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information. El módulo Director (biblioteca dirapi.dll) en Shockwave Player de Adobe anterior a versión 11.5.9.615, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) por medio de una película de Director con un fragmento rcsL diseñado que contiene un campo cuyo valor se utiliza como un desplazamiento de puntero, como se explotó “in the wild” en octubre de 2010. NOTA: algunos de estos datos se obtienen de la información de terceros. • https://www.exploit-db.com/exploits/16594 https://www.exploit-db.com/exploits/15296 http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day http://www.adobe.com/support/security/bulletins/apsb10-25.html http://www.exploit-db.com/exploits/15296 http://www.kb.cert.org/vuls/id/402231 http://www.securityfocus.com/bid/44291 http://www.securitytracker.com/id?1024635 http://www.vupen.com/english/advisories/2010/2752 https://exchange.xfor • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •