cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*
Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS
9.3
EPSS Score
8.92%
Published
2010-10-29
Updated
2017-09-19
IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file containing "duplicated LCSM entries in mmap record," a different vulnerability than CVE-2010-4087.
Max CVSS
9.3
EPSS Score
3.24%
Published
2010-10-29
Updated
2018-10-10
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with "duplicated references to the same KEY* chunk," a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4086.
Max CVSS
9.3
EPSS Score
3.24%
Published
2010-10-29
Updated
2018-10-10
IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with a crafted mmap record containing an invalid length of a VSWV entry, a different vulnerability than CVE-2010-4089.
Max CVSS
9.3
EPSS Score
3.24%
Published
2010-10-29
Updated
2018-10-10
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Director (.dir) media file with an invalid element size, a different vulnerability than CVE-2010-2581, CVE-2010-2880, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4088.
Max CVSS
9.3
EPSS Score
3.24%
Published
2010-10-29
Updated
2018-10-10
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4086, and CVE-2010-4088.
Max CVSS
9.3
EPSS Score
14.53%
Published
2010-10-29
Updated
2017-09-19
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088.
Max CVSS
9.3
EPSS Score
14.53%
Published
2010-10-29
Updated
2017-09-19
Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code via unspecified vectors.
Max CVSS
9.3
EPSS Score
66.29%
Published
2010-10-29
Updated
2017-09-19

CVE-2010-3653

Public exploit
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
90.86%
Published
2010-10-26
Updated
2017-09-19
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3812 of a certain file.
Max CVSS
9.3
EPSS Score
11.52%
Published
2010-08-26
Updated
2018-10-10
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a certain file.
Max CVSS
9.3
EPSS Score
11.52%
Published
2010-08-26
Updated
2018-10-10
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x47 of a certain file.
Max CVSS
9.3
EPSS Score
11.52%
Published
2010-08-26
Updated
2018-10-10
Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie.
Max CVSS
9.3
EPSS Score
17.50%
Published
2010-08-26
Updated
2018-10-10
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
Max CVSS
9.3
EPSS Score
4.70%
Published
2010-08-26
Updated
2018-10-10
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3712 of a certain file.
Max CVSS
9.3
EPSS Score
11.52%
Published
2010-08-26
Updated
2018-10-10
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x320D of a certain file.
Max CVSS
9.3
EPSS Score
11.52%
Published
2010-08-26
Updated
2018-10-10
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to a "pointer offset vulnerability."
Max CVSS
9.3
EPSS Score
4.70%
Published
2010-08-26
Updated
2018-10-10
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C6 of a certain file.
Max CVSS
9.3
EPSS Score
11.52%
Published
2010-08-26
Updated
2018-10-10
Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
3.24%
Published
2010-08-26
Updated
2017-09-19
An unspecified function in TextXtra.x32 in Adobe Shockwave Player before 11.5.9.615 does not properly reallocate a buffer when processing a DEMX chunk in a Director file, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code.
Max CVSS
9.3
EPSS Score
9.95%
Published
2010-10-29
Updated
2018-10-10
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director file containing a crafted pamm chunk with an invalid (1) size and (2) number of sub-chunks, a different vulnerability than CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088.
Max CVSS
9.3
EPSS Score
11.52%
Published
2010-10-29
Updated
2018-10-10
The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.
Max CVSS
9.3
EPSS Score
16.25%
Published
2010-05-13
Updated
2022-02-28
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290.
Max CVSS
9.3
EPSS Score
1.86%
Published
2010-05-13
Updated
2022-02-28
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291.
Max CVSS
9.3
EPSS Score
1.86%
Published
2010-05-13
Updated
2021-12-16
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291.
Max CVSS
9.3
EPSS Score
1.86%
Published
2010-05-13
Updated
2022-02-28
34 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!