CVSS: 10.0EPSS: 17%CPEs: 40EXPL: 0CVE-2010-2871 – Adobe Shockwave Player Director File FFFFFF45 Record Processing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2871
Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie. Desbordamiento de entero en la funcionalidad 3D en Adobe Shockwave Player anterior a 11.5.8.612, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria dinámica -heap-) o la ejecución de código de su elección a través de un tamaño con un valor manipulado en un registro 0xFFFFFF45 RIFF en una película de Director. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for 3D objects. While parsing the 0xFFFFFF45 RIFF record type, the process performs arithmetic on a size value and uses the result for a heap-based allocation. • http://www.adobe.com/support/security/bulletins/apsb10-20.html http://www.securityfocus.com/archive/1/513305/100/0/threaded http://www.securitytracker.com/id?1024361 http://www.vupen.com/english/advisories/2010/2176 http://www.zerodayinitiative.com/advisories/ZDI-10-160 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11970 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 35%CPEs: 40EXPL: 0CVE-2010-2873 – Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2873
Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie. Adobe Shockwave Player anterior a v11.5.8.612 no valida correctamente valores de offset (desplazamiento de pedazo) en el rcsL RIFF manipulado de (1) .DIR y (2) películas .DCR de Director, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria dinámica) o ejecutar código de su elección a través de una película manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the rcsL RIFF chunk within director files of extension DIR or DCR. While parsing this undocumented structure, the application blindly trusts an offset value and uses it while operating on heap memory. • http://www.adobe.com/support/security/bulletins/apsb10-20.html http://www.securityfocus.com/archive/1/513307/100/0/threaded http://www.securityfocus.com/bid/42682 http://www.securitytracker.com/id?1024361 http://www.vupen.com/english/advisories/2010/2176 http://www.zerodayinitiative.com/advisories/ZDI-10-162 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12042 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 13%CPEs: 40EXPL: 0CVE-2010-2874 – Adobe Shockwave Director tSAC Chunk Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2874
Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting information and use of the same CVE identifier by the vendor, ZDI, and TippingPoint, it is not clear whether this issue is related to use of an uninitialized pointer, an incorrect pointer offset calculation, or both. Vulnerabilidad sin especificar en Adobe Shockwave Player anterior a v11.5.8.612 permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos que desencadenan una corrupción de memoria. NOTA: debido al conflicto de información y uso del mismo identificador CVE por el fabricante, ZDI y TippingPoint, no está claro si este problema está relacionado con el uso de un puntero sin inicializar, un cálculo de desplazamiento de puntero incorrecto o ambos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. • http://www.adobe.com/support/security/bulletins/apsb10-20.html http://www.securitytracker.com/id?1024361 http://www.vupen.com/english/advisories/2010/2176 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11924 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 35%CPEs: 40EXPL: 0CVE-2010-2876 – Adobe Shockwave Player Director File FFFFFF88 Record Processing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2876
Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie. Adobe Shockwave Player anterior a v11.5.8.612 no valida adecuadamente los valores asociados con el cálculo del tamaño de búfer para un registro 0xFFFFFFF8 en archivos (1) .dir o (2) .dcr de una película de Director, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria dinámica -heap-) o ejecutar código de su elección a través de una película manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing .dir and .dcr files. The director file format is RIFF based. • http://www.adobe.com/support/security/bulletins/apsb10-20.html http://www.securityfocus.com/archive/1/513312/100/0/threaded http://www.securitytracker.com/id?1024361 http://www.vupen.com/english/advisories/2010/2176 http://www.zerodayinitiative.com/advisories/ZDI-10-164 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11805 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 35%CPEs: 40EXPL: 0CVE-2010-2872 – Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2872
Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted movie. Adobe Shockwave Player anterior a v11.5.8.612 no valida correctamente un valor de desplazamiento en el fragmento pami RIFF en una película Director, el cual puede permitir a atacantes remotos producir una denegación de servicio (corrupción de memoria) o ejecutar código arbitrario mediante una película manipulada This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing Director files. When the application parses the pami RIFF chunk, it trusts an offset value and seeks into the file data. If provided with signed values in the data at the given offset, the process can be made to incorrectly calculate a pointer and operate on the data at it's location. • http://www.adobe.com/support/security/bulletins/apsb10-20.html http://www.securityfocus.com/archive/1/513306/100/0/threaded http://www.securitytracker.com/id?1024361 http://www.vupen.com/english/advisories/2010/2176 http://www.zerodayinitiative.com/advisories/ZDI-10-161 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11889 • CWE-20: Improper Input Validation •