Adobe » Shockwave Player » 8.0.196a : Security Vulnerabilities, CVEs,
Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content.
Max CVSS
9.3
EPSS Score
7.86%
Published
2009-06-25
Updated
2009-07-02
Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2009-1860, related to an older issue that "was previously resolved in Shockwave Player 11.0.0.465."
Max CVSS
9.3
EPSS Score
0.94%
Published
2009-06-25
Updated
2009-07-01
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.
Max CVSS
9.3
EPSS Score
84.86%
Published
2009-09-18
Updated
2017-09-19
Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
7.81%
Published
2009-11-04
Updated
2017-09-19
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
7.31%
Published
2009-11-04
Updated
2017-09-19
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
7.31%
Published
2009-11-04
Updated
2017-09-19
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
4.86%
Published
2009-11-04
Updated
2017-09-19
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.
Max CVSS
9.3
EPSS Score
38.99%
Published
2010-01-21
Updated
2018-10-10
Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption.
Max CVSS
9.3
EPSS Score
27.08%
Published
2010-01-21
Updated
2018-10-10
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.
Max CVSS
9.3
EPSS Score
4.36%
Published
2010-05-13
Updated
2022-11-03
Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.
Max CVSS
9.3
EPSS Score
7.65%
Published
2010-05-13
Updated
2022-04-22
Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.
Max CVSS
9.3
EPSS Score
4.17%
Published
2010-05-13
Updated
2022-06-07
Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.
Max CVSS
9.3
EPSS Score
6.65%
Published
2010-05-13
Updated
2022-11-03
Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.
Max CVSS
9.3
EPSS Score
4.36%
Published
2010-05-13
Updated
2022-11-03
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.
Max CVSS
9.3
EPSS Score
9.94%
Published
2010-05-13
Updated
2022-11-03
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.
Max CVSS
9.3
EPSS Score
7.32%
Published
2010-05-13
Updated
2022-09-16
iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.
Max CVSS
9.3
EPSS Score
42.84%
Published
2010-05-13
Updated
2022-09-29
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.
Max CVSS
6.5
EPSS Score
3.19%
Published
2010-05-13
Updated
2022-04-05
Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.
Max CVSS
9.3
EPSS Score
15.17%
Published
2010-05-13
Updated
2022-04-05
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.
Max CVSS
9.3
EPSS Score
1.86%
Published
2010-05-13
Updated
2022-02-28
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.
Max CVSS
9.3
EPSS Score
1.86%
Published
2010-05-13
Updated
2022-02-28
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.
Max CVSS
9.3
EPSS Score
1.86%
Published
2010-05-13
Updated
2022-02-28
Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors.
Max CVSS
9.3
EPSS Score
1.34%
Published
2010-05-13
Updated
2022-02-28
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291.
Max CVSS
9.3
EPSS Score
1.86%
Published
2010-05-13
Updated
2022-02-28
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291.
Max CVSS
9.3
EPSS Score
1.86%
Published
2010-05-13
Updated
2021-12-16