Adobe » Shockwave Player » 8.5.323 : Security Vulnerabilities, CVEs, Published In 2010 (Denial of service)
Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS
9.3
EPSS Score
8.92%
Published
2010-10-29
Updated
2017-09-19
IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file containing "duplicated LCSM entries in mmap record," a different vulnerability than CVE-2010-4087.
Max CVSS
9.3
EPSS Score
3.24%
Published
2010-10-29
Updated
2018-10-10
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with "duplicated references to the same KEY* chunk," a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4086.
Max CVSS
9.3
EPSS Score
3.24%
Published
2010-10-29
Updated
2018-10-10
IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with a crafted mmap record containing an invalid length of a VSWV entry, a different vulnerability than CVE-2010-4089.
Max CVSS
9.3
EPSS Score
3.24%
Published
2010-10-29
Updated
2018-10-10
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Director (.dir) media file with an invalid element size, a different vulnerability than CVE-2010-2581, CVE-2010-2880, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4088.
Max CVSS
9.3
EPSS Score
3.24%
Published
2010-10-29
Updated
2018-10-10
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4086, and CVE-2010-4088.
Max CVSS
9.3
EPSS Score
14.53%
Published
2010-10-29
Updated
2017-09-19
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088.
Max CVSS
9.3
EPSS Score
14.53%
Published
2010-10-29
Updated
2017-09-19
CVE-2010-3653
Public exploit
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
90.86%
Published
2010-10-26
Updated
2017-09-19
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3812 of a certain file.
Max CVSS
9.3
EPSS Score
11.52%
Published
2010-08-26
Updated
2018-10-10
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a certain file.
Max CVSS
9.3
EPSS Score
11.52%
Published
2010-08-26
Updated
2018-10-10
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x47 of a certain file.
Max CVSS
9.3
EPSS Score
11.52%
Published
2010-08-26
Updated
2018-10-10
Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count or (2) element size value in a file.
Max CVSS
9.3
EPSS Score
8.33%
Published
2010-08-26
Updated
2018-10-10
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
Max CVSS
9.3
EPSS Score
16.00%
Published
2010-08-26
Updated
2018-10-10
Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll.
Max CVSS
9.3
EPSS Score
16.00%
Published
2010-08-26
Updated
2018-10-10
Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
Max CVSS
9.3
EPSS Score
35.70%
Published
2010-08-26
Updated
2018-10-10
Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie.
Max CVSS
9.3
EPSS Score
44.68%
Published
2010-08-26
Updated
2017-09-19
Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
Max CVSS
9.3
EPSS Score
35.88%
Published
2010-08-26
Updated
2018-10-10
Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted movie.
Max CVSS
9.3
EPSS Score
35.70%
Published
2010-08-26
Updated
2018-10-10
Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie.
Max CVSS
9.3
EPSS Score
17.50%
Published
2010-08-26
Updated
2018-10-10
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
Max CVSS
9.3
EPSS Score
4.70%
Published
2010-08-26
Updated
2018-10-10
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3712 of a certain file.
Max CVSS
9.3
EPSS Score
11.52%
Published
2010-08-26
Updated
2018-10-10
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x320D of a certain file.
Max CVSS
9.3
EPSS Score
11.52%
Published
2010-08-26
Updated
2018-10-10
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to a "pointer offset vulnerability."
Max CVSS
9.3
EPSS Score
4.70%
Published
2010-08-26
Updated
2018-10-10
Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a Director movie.
Max CVSS
9.3
EPSS Score
84.99%
Published
2010-08-26
Updated
2018-10-10
Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service via unknown vectors.
Max CVSS
5.0
EPSS Score
0.39%
Published
2010-08-26
Updated
2017-09-19