CVE-2010-1283 – Adobe Shockwave Player 0xFFFFFF49 Record Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1283
Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record. Adobe Shockwave Player anterior a v11.5.7.609 no parsea adcuadamente objetos 3D en ficheros .dir (conocido como Director), los cuales permiten a atacantes remotos ejecutar código aleatorio o causar una denegación del servicio (corrupción de la memoria dinámica -heap-) a través de la modificación de un campo del registro 0xFFFFFF49. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the code responsible for parsing 3D objects defined inside Director files. These files are essentially RIFF-based, but stored in big endian format. • http://secunia.com/advisories/38751 http://www.adobe.com/support/security/bulletins/apsb10-12.html http://www.securityfocus.com/archive/1/511253/100/0/threaded http://www.vupen.com/english/advisories/2010/1128 http://www.zerodayinitiative.com/advisories/ZDI-10-088 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7262 • CWE-787: Out-of-bounds Write •
CVE-2010-1292 – Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1292
The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. La validación de los paquetes de pami RIFF en Adobe Shockwave Player anterior a v11.5.7.609 no valida un valor determinado desde un fichero antes de realizar los cálculos del puntero al fichero, el cuál permite a atacantes remotos ejecutar código a su elección o causar una denegación del servicio (corrupción de memoria) a través de la manipulación del fichero .dir (conocido como Director) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing Director files. When the application parses the pami RIFF chunk, it trusts an offset value and seeks into the file data. If provided with signed values in the data at the given offset, the process can be made to incorrectly calculate a pointer and operate on the data at it's location. • http://secunia.com/advisories/38751 http://www.adobe.com/support/security/bulletins/apsb10-12.html http://www.securityfocus.com/archive/1/511242/100/0/threaded http://www.vupen.com/english/advisories/2010/1128 http://www.zerodayinitiative.com/advisories/ZDI-10-089 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7416 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-4002
https://notcve.org/view.php?id=CVE-2009-4002
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file. Desbordamiento de búfer basado en memoria dinámica (heap) en Adobe Shockwave Player anterior a v11.5.6.606, permite a atacantes remotos ejecutar código de su elección a través de un modelo manipulado en 3D en un archivo Shockwave • http://secunia.com/advisories/37888 http://secunia.com/secunia_research/2009-61 http://securitytracker.com/id?1023481 http://www.adobe.com/support/security/bulletins/apsb10-03.html http://www.securityfocus.com/archive/1/509062/100/0/threaded http://www.securityfocus.com/bid/37870 http://www.vupen.com/english/advisories/2010/0171 https://exchange.xforce.ibmcloud.com/vulnerabilities/55758 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8311 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-4003
https://notcve.org/view.php?id=CVE-2009-4003
Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption. Múltiples desbordamiento de búfer basados en entero en Adobe Shockwave Player en versiones anteriores a la 11.5.6.606 permiten a atacantes remotos ejecutar código de su elección mediante (1) un tipo de bloque no especificado en un fichero Shockwave, que genera un desbordamiento de búfer basado en pila; y pueden permitir a atacantes remotos ejecutar código de su elección mediante (2) un bloque 3D no especificado en un fichero Shockwave que genera una corrupción de memoria; o (3) un modelo 3D manipulado en un fichero Shockwave que genera una corrupción de la pila. • http://secunia.com/advisories/37888 http://secunia.com/secunia_research/2009-62 http://secunia.com/secunia_research/2009-63 http://secunia.com/secunia_research/2010-1 http://securitytracker.com/id?1023481 http://www.adobe.com/support/security/bulletins/apsb10-03.html http://www.securityfocus.com/archive/1/509053/100/0/threaded http://www.securityfocus.com/archive/1/509055/100/0/threaded http://www.securityfocus.com/archive/1/509058/100/0/threaded http://www.securityfocus • CWE-189: Numeric Errors •
CVE-2009-3466
https://notcve.org/view.php?id=CVE-2009-3466
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information. Adobe Shockwave Player anterior a v11.5.2.602, permite a atacantes remotos ejecutar código de su elección a través de una página web manipulada que provoca una corrupción de memoria. Relacionado con la "vulnerabilidad de longitud de cadena inválida". NOTA: algunos de estos detalles han sido obtenidos a partir de información de terceros. • http://securitytracker.com/id?1023123 http://www.adobe.com/support/security/bulletins/apsb09-16.html http://www.securityfocus.com/bid/36905 http://www.vupen.com/english/advisories/2009/3134 https://exchange.xforce.ibmcloud.com/vulnerabilities/54121 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6395 • CWE-399: Resource Management Errors •