Shockwave Player
by Adobe Inc.
CVEs (175)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11294 | Cri | 0.64 | 9.8 | 0.09 | Dec 9, 2017 | An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2017-3086 | Cri | 0.64 | 9.8 | 0.07 | Jun 20, 2017 | Adobe Shockwave versions 12.2.8.198 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2010-1280 | Hig | 0.62 | 8.8 | 0.17 | May 13, 2010 | Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file. | ||
| CVE-2012-0771 | Hig | 0.58 | 8.8 | 0.05 | Feb 19, 2018 | Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0759. | ||
| CVE-2010-1283 | Hig | 0.58 | 8.8 | 0.06 | May 13, 2010 | Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record. | ||
| CVE-2010-1281 | Hig | 0.58 | 8.8 | 0.07 | May 13, 2010 | iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka… | ||
| CVE-2010-0987 | Hig | 0.58 | 8.8 | 0.11 | May 13, 2010 | Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file. | ||
| CVE-2010-0986 | Hig | 0.58 | 8.8 | 0.05 | May 13, 2010 | Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file. | ||
| CVE-2010-0130 | Hig | 0.58 | 8.8 | 0.07 | May 13, 2010 | Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file. | ||
| CVE-2010-0129 | Hig | 0.58 | 8.8 | 0.06 | May 13, 2010 | Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error. | ||
| CVE-2010-0127 | Hig | 0.58 | 8.8 | 0.05 | May 13, 2010 | Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file. | ||
| CVE-2017-2983 | Hig | 0.51 | 7.8 | 0.03 | Mar 14, 2017 | Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege. | ||
| CVE-2010-1282 | Med | 0.42 | 6.5 | 0.03 | May 13, 2010 | Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file. | ||
| CVE-2010-3653 | 0.09 | — | 0.75 | Oct 26, 2010 | The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer… | |||
| CVE-2007-5941 | 0.06 | — | 0.32 | Nov 14, 2007 | Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method. | |||
| CVE-2009-3244 | 0.05 | — | 0.20 | Sep 18, 2009 | Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value. | |||
| CVE-2010-2866 | 0.04 | — | 0.13 | Aug 26, 2010 | Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a… | |||
| CVE-2005-3525 | 0.02 | — | 0.19 | Dec 31, 2005 | Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters. | |||
| CVE-2019-7098 | 0.01 | — | 0.05 | May 23, 2019 | Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2019-7102 | 0.01 | — | 0.04 | May 23, 2019 | Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
- risk 0.64cvss 9.8epss 0.09
An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.07
Adobe Shockwave versions 12.2.8.198 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.62cvss 8.8epss 0.17
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.
- risk 0.58cvss 8.8epss 0.05
Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0759.
- risk 0.58cvss 8.8epss 0.06
Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.
- risk 0.58cvss 8.8epss 0.07
iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka…
- risk 0.58cvss 8.8epss 0.11
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.
- risk 0.58cvss 8.8epss 0.05
Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.
- risk 0.58cvss 8.8epss 0.07
Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.
- risk 0.58cvss 8.8epss 0.06
Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.
- risk 0.58cvss 8.8epss 0.05
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.
- risk 0.51cvss 7.8epss 0.03
Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege.
- risk 0.42cvss 6.5epss 0.03
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.
- CVE-2010-3653Oct 26, 2010risk 0.09cvss —epss 0.75
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer…
- CVE-2007-5941Nov 14, 2007risk 0.06cvss —epss 0.32
Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method.
- CVE-2009-3244Sep 18, 2009risk 0.05cvss —epss 0.20
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.
- CVE-2010-2866Aug 26, 2010risk 0.04cvss —epss 0.13
Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a…
- CVE-2005-3525Dec 31, 2005risk 0.02cvss —epss 0.19
Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters.
- CVE-2019-7098May 23, 2019risk 0.01cvss —epss 0.05
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
- CVE-2019-7102May 23, 2019risk 0.01cvss —epss 0.04
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
Page 1 of 9