Shockwave Player
by Adobe Inc.
CVEs (165)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-3086 | Critical | 0.64 | 9.8 | 0.06 | | Jun 20, 2017 | Adobe Shockwave versions 12.2.8.198 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2010-1280 | High | 0.63 | 8.8 | 0.36 | | May 13, 2010 | Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file. |
| CVE-2010-1283 | High | 0.58 | 8.8 | 0.09 | | May 13, 2010 | Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record. |
| CVE-2010-1281 | High | 0.58 | 8.8 | 0.12 | | May 13, 2010 | iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. |
| CVE-2010-0987 | High | 0.58 | 8.8 | 0.13 | | May 13, 2010 | Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file. |
| CVE-2010-0986 | High | 0.58 | 8.8 | 0.08 | | May 13, 2010 | Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file. |
| CVE-2010-0130 | High | 0.58 | 8.8 | 0.10 | | May 13, 2010 | Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file. |
| CVE-2010-0129 | High | 0.58 | 8.8 | 0.12 | | May 13, 2010 | Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error. |
| CVE-2010-0127 | High | 0.58 | 8.8 | 0.14 | | May 13, 2010 | Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file. |
| CVE-2017-2983 | High | 0.51 | 7.8 | 0.02 | | Mar 14, 2017 | Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege. |
| CVE-2010-1282 | Medium | 0.42 | 6.5 | 0.01 | | May 13, 2010 | Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file. |
| CVE-2010-3653 | | 0.09 | — | 0.78 | | Oct 26, 2010 | The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information. |
| CVE-2009-3244 | | 0.06 | — | 0.42 | | Sep 18, 2009 | Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value. |
| CVE-2010-2866 | | 0.05 | — | 0.24 | | Aug 26, 2010 | Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a Director movie. |
| CVE-2007-5941 | | 0.05 | — | 0.21 | | Nov 14, 2007 | Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method. |
| CVE-2007-5275 | | 0.03 | — | 0.37 | | Oct 8, 2007 | The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324. |
| CVE-2005-3525 | | 0.03 | — | 0.38 | | Dec 31, 2005 | Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters. |
| CVE-2014-0501 | | 0.02 | — | 0.24 | | Feb 12, 2014 | Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0500. |
| CVE-2014-0500 | | 0.02 | — | 0.24 | | Feb 12, 2014 | Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0501. |
| CVE-2013-3360 | | 0.02 | — | 0.26 | | Sep 12, 2013 | Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3359. |