CVSS: 10.0EPSS: 15%CPEs: 3EXPL: 0CVE-2010-1283 – Adobe Shockwave Player 0xFFFFFF49 Record Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1283
Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record. Adobe Shockwave Player anterior a v11.5.7.609 no parsea adcuadamente objetos 3D en ficheros .dir (conocido como Director), los cuales permiten a atacantes remotos ejecutar código aleatorio o causar una denegación del servicio (corrupción de la memoria dinámica -heap-) a través de la modificación de un campo del registro 0xFFFFFF49. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the code responsible for parsing 3D objects defined inside Director files. These files are essentially RIFF-based, but stored in big endian format. • http://secunia.com/advisories/38751 http://www.adobe.com/support/security/bulletins/apsb10-12.html http://www.securityfocus.com/archive/1/511253/100/0/threaded http://www.vupen.com/english/advisories/2010/1128 http://www.zerodayinitiative.com/advisories/ZDI-10-088 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7262 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 19%CPEs: 23EXPL: 0CVE-2010-1292 – Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1292
The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. La validación de los paquetes de pami RIFF en Adobe Shockwave Player anterior a v11.5.7.609 no valida un valor determinado desde un fichero antes de realizar los cálculos del puntero al fichero, el cuál permite a atacantes remotos ejecutar código a su elección o causar una denegación del servicio (corrupción de memoria) a través de la manipulación del fichero .dir (conocido como Director) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing Director files. When the application parses the pami RIFF chunk, it trusts an offset value and seeks into the file data. If provided with signed values in the data at the given offset, the process can be made to incorrectly calculate a pointer and operate on the data at it's location. • http://secunia.com/advisories/38751 http://www.adobe.com/support/security/bulletins/apsb10-12.html http://www.securityfocus.com/archive/1/511242/100/0/threaded http://www.vupen.com/english/advisories/2010/1128 http://www.zerodayinitiative.com/advisories/ZDI-10-089 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7416 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 84%CPEs: 41EXPL: 3CVE-2009-3244 – Adobe Shockwave Player 11.5.1.601 - Multiple Code Executions
https://notcve.org/view.php?id=CVE-2009-3244
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value. Un desbordamiento de búfer en la región heap de la memoria en el control ActiveX de la biblioteca SwDir.dll en Shockwave Player de Adobe versiones 11.5.1.601 y anteriores, permite a los atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de un valor de propiedad PlayerVersion largo. • https://www.exploit-db.com/exploits/10093 https://www.exploit-db.com/exploits/9682 http://securitytracker.com/id?1023123 http://www.adobe.com/support/security/bulletins/apsb09-16.html http://www.exploit-db.com/exploits/9682 http://www.securityfocus.com/bid/36905 http://www.vupen.com/english/advisories/2009/3134 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6530 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •