
CVSS: 10.0 | EPSS: 18% | CPEs: 23 | EXPL: 0

The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing Director files. When the application parses the pami RIFF chunk, it trusts an offset value and seeks into the file data. If provided with signed values in the data at the given offset, the process can be made to incorrectly calculate a pointer and operate on the data at its location.

References:
• http://secunia.com/advisories/38751
• http://www.adobe.com/support/security/bulletins/apsb10-12.html
• http://www.securityfocus.com/archive/1/511242/100/0/threaded
• http://www.vupen.com/english/advisories/2010/1128
• http://www.zerodayinitiative.com/advisories/ZDI-10-089
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7416

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 | EPSS: 46% | CPEs: 3 | EXPL: 0

iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required in that a target must visit a malicious website. The specific flaw exists within the code responsible for parsing Director files. The vulnerable function is exported as an ordinal from the iml32.dll module. Ordinal 1409 trusts a value from the file as an offset and updates pointers accordingly.

References:
• http://secunia.com/advisories/38751
• http://www.adobe.com/support/security/bulletins/apsb10-12.html
• http://www.securityfocus.com/archive/1/511252/100/0/threaded
• http://www.vupen.com/english/advisories/2010/1128
• http://www.zerodayinitiative.com/advisories/ZDI-10-087
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7268

CWE-787: Out-of-bounds Write

CVSS: 9.3 | EPSS: 34% | CPEs: 15 | EXPL: 0

Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.

References:
• http://secunia.com/advisories/37888
• http://secunia.com/secunia_research/2009-61
• http://securitytracker.com/id?1023481
• http://www.adobe.com/support/security/bulletins/apsb10-03.html
• http://www.securityfocus.com/archive/1/509062/100/0/threaded
• http://www.securityfocus.com/bid/37870
• http://www.vupen.com/english/advisories/2010/0171
• https://exchange.xforce.ibmcloud.com/vulnerabilities/55758
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8311

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 | EPSS: 21% | CPEs: 15 | EXPL: 0

Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption.

References:
• http://secunia.com/advisories/37888
• http://secunia.com/secunia_research/2009-62
• http://secunia.com/secunia_research/2009-63
• http://secunia.com/secunia_research/2010-1
• http://securitytracker.com/id?1023481
• http://www.adobe.com/support/security/bulletins/apsb10-03.html
• http://www.securityfocus.com/archive/1/509053/100/0/threaded
• http://www.securityfocus.com/archive/1/509055/100/0/threaded
• http://www.securityfocus.com/archive/1/509058/100/0/threaded
• http://www.securityfocus&#

CWE-189: Numeric Errors

CVSS: 9.3 | EPSS: 84% | CPEs: 41 | EXPL: 3

Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.

References:
• https://www.exploit-db.com/exploits/10093
• https://www.exploit-db.com/exploits/9682
• http://securitytracker.com/id?1023123
• http://www.adobe.com/support/security/bulletins/apsb09-16.html
• http://www.exploit-db.com/exploits/9682
• http://www.securityfocus.com/bid/36905
• http://www.vupen.com/english/advisories/2009/3134
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6530

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer