Adobe: >> Shockwave Player >> 10.1.4.020 Security Vulnerabilities
Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.
CVSS Score
8.8
EPSS Score
0.098
Published
2010-05-13
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.
CVSS Score
8.8
EPSS Score
0.117
Published
2010-05-13
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.
CVSS Score
9.3
EPSS Score
0.213
Published
2010-01-21
Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption.
CVSS Score
9.3
EPSS Score
0.172
Published
2010-01-21
Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information.
CVSS Score
9.3
EPSS Score
0.073
Published
2009-11-04
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information.
CVSS Score
9.3
EPSS Score
0.118
Published
2009-11-04
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information.
CVSS Score
9.3
EPSS Score
0.118
Published
2009-11-04
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information.
CVSS Score
9.3
EPSS Score
0.043
Published
2009-11-04
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.
CVSS Score
9.3
EPSS Score
0.461
Published
2009-09-18
Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content.
CVSS Score
9.3
EPSS Score
0.077
Published
2009-06-25