CVSS: 9.3EPSS: 7%CPEs: 12EXPL: 0CVE-2009-1860 – Adobe Shockwave Player Director File Parsing Pointer Overwrite Vulnerability
https://notcve.org/view.php?id=CVE-2009-1860
Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content. Vulnerabilidad sin especificar en Adobe Shockwave Player anterior a v11.5.0.600 permite a atacantes remotos ejecutar código de su elección a través de contenido Shockwave Player 10 manipulado. This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Shockwave player attempts to load a specially crafted Adobe Director File. When a malicious value is used during a memory dereference a possible 4-byte memory overwrite may occur. • http://secunia.com/advisories/35544 http://www.adobe.com/support/security/bulletins/apsb09-08.html http://www.securityfocus.com/bid/35469 http://www.securitytracker.com/id?1022440 •
CVSS: 9.3EPSS: 40%CPEs: 9EXPL: 0CVE-2005-3525 – Adobe Macromedia ShockWave Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2005-3525
Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Macromedia Shockwave. Exploitation requires the target to visit a malicious web site. This specific flaw exists within the ActiveX control with CLSID 166B1BCA-3F9C-11CF-8075-444553540000. Specifying large values for two specific parameters to this control results in an exploitable stack based buffer overflow. Due to the nature of this vulnerability, the target user is not required to have fully completed an installation of Shockwave to be vulnerable. • http://secunia.com/advisories/19009 http://securityreason.com/securityalert/481 http://securitytracker.com/id?1015673 http://www.kb.cert.org/vuls/id/437212 http://www.macromedia.com/devnet/security/security_zone/apsb06-02.html http://www.osvdb.org/23461 http://www.securityfocus.com/archive/1/425900/100/0/threaded http://www.securityfocus.com/bid/16791 http://www.vupen.com/english/advisories/2006/0716 http://www.zerodayinitiative.com/advisories/ZDI-06-002.html https:// •