CVSS: 9.3EPSS: 5%CPEs: 3EXPL: 0CVE-2010-0127
https://notcve.org/view.php?id=CVE-2010-0127
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file. Adobe Shockwave Player en versiones anteriores a la 11.5.7.609 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) mediante bloques Shockwave 3D FFFFFF45h manipulados en un fichero Shockwave. • http://secunia.com/advisories/38751 http://secunia.com/secunia_research/2010-17 http://www.adobe.com/support/security/bulletins/apsb10-12.html http://www.securityfocus.com/archive/1/511260/100/0/threaded http://www.vupen.com/english/advisories/2010/1128 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7477 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 4%CPEs: 3EXPL: 0CVE-2010-0129
https://notcve.org/view.php?id=CVE-2010-0129
Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error. Múltiples desbordamientos de enteros en Adobe Shockwave Player en versiones anteriores a la 11.5.7.609 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código de su elección mediante un fichero .dir (también conocido como Director) manipulado que dispara un error de indice de matriz. • http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html http://hi.baidu.com/fs_fx/blog/item/fa74a61705b5e24621a4e951.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869 http://secunia.com/advisories/38751 http://secunia.com/secunia_research/2010-20 http://www.adobe.com/support/security/bulletins/apsb10-12.html http://www.securityfocus.com/archive/1/511256/100/0/threaded http://www.securityfocus.com/archive/1/511262/100/0/threaded http://www& • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 3%CPEs: 3EXPL: 0CVE-2010-1282
https://notcve.org/view.php?id=CVE-2010-1282
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file. Adobe Shockwave Player anterior a v11.5.7.609 permite a atacantes remotos provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de la manipulación del tamaño de un fichero .dir (también conocido como Director) • http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html http://hi.baidu.com/fs_fx/blog/item/f8de1d18ba8c9b76dbb4bd56.html http://www.adobe.com/support/security/bulletins/apsb10-12.html http://www.securityfocus.com/archive/1/511254/100/0/threaded http://www.securityfocus.com/bid/40088 http://www.vupen.com/english/advisories/2010/1128 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7388 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.3EPSS: 8%CPEs: 3EXPL: 3CVE-2010-1280 – Adobe Shockwave Player 11.5.6.606 - 'DIR' Multiple Memory Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-1280
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file. Adobe Shockwave Player en versiones anteriores a la 11.5.7.609 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) mediante un fichero .dir (también conocido como Director) manipulado, relacionado con (1) una dereferencia errónea y (2) un cierto fichero Shock.dir. Shockwave Player versions 11.5.6.606 and below from Adobe suffer from memory consumption / corruption and buffer overflow vulnerabilities that can aid the attacker in causing a denial of service scenario and arbitrary code execution. The vulnerable software fails to sanitize user input when processing .dir files resulting in a crash and overwrite of a few memory registers. • https://www.exploit-db.com/exploits/12578 http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html http://secunia.com/advisories/38751 http://www.adobe.com/support/security/bulletins/apsb10-12.html http://www.securityfocus.com/archive/1/511257/100/0/threaded http://www.vupen.com/english/advisories/2010/1128 http://www.zeroscience.mk/codes/shockwave_mem.txt http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php https://oval.cisecurity.org/repository/search/d • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 8%CPEs: 4EXPL: 0CVE-2010-0128
https://notcve.org/view.php?id=CVE-2010-0128
Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation. Error de presencia de signo entero en dirapi.dll en Adobe Shockwave Player en versiones anteriores a la 11.5.7.609 y Adobe Director en versiones anteriores a la 11.5.7.609 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código de su elección mediante un fichero .dir (también conocido como Director) manipulado que dispara una operación de lectura inválida. • http://secunia.com/advisories/38751 http://secunia.com/secunia_research/2010-19 http://www.adobe.com/support/security/bulletins/apsb10-12.html http://www.coresecurity.com/content/adobe-director-invalid-read http://www.securityfocus.com/archive/1/511240/100/0/threaded http://www.securityfocus.com/archive/1/511261/100/0/threaded http://www.vupen.com/english/advisories/2010/1128 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7273 • CWE-787: Out-of-bounds Write •