Shockwave Player
by Adobe Inc.
CVEs (175)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-4307 | 0.01 | — | 0.06 | Feb 10, 2011 | Buffer overflow in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2010-4188 | 0.01 | — | 0.07 | Feb 10, 2011 | The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk with a size field of 0, which is used in the calculation of a file offset and… | |||
| CVE-2010-3655 | 0.01 | — | 0.09 | Oct 29, 2010 | Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2010-2582 | 0.01 | — | 0.08 | Oct 29, 2010 | An unspecified function in TextXtra.x32 in Adobe Shockwave Player before 11.5.9.615 does not properly reallocate a buffer when processing a DEMX chunk in a Director file, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code. | |||
| CVE-2010-2873 | 0.01 | — | 0.06 | Aug 26, 2010 | Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie. | |||
| CVE-2010-1292 | 0.01 | — | 0.06 | May 13, 2010 | The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory… | |||
| CVE-2009-4003 | 0.01 | — | 0.07 | Jan 21, 2010 | Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via… | |||
| CVE-2009-4002 | 0.01 | — | 0.09 | Jan 21, 2010 | Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file. | |||
| CVE-2019-7104 | 0.00 | — | 0.05 | May 23, 2019 | Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2015-7649 | 0.00 | — | 0.04 | Oct 28, 2015 | Adobe Shockwave Player before 12.2.1.171 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2015-6681 | 0.00 | — | 0.06 | Sep 9, 2015 | Adobe Shockwave Player before 12.2.0.162 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6680. | |||
| CVE-2015-6680 | 0.00 | — | 0.05 | Sep 9, 2015 | Adobe Shockwave Player before 12.2.0.162 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6681. | |||
| CVE-2015-5121 | 0.00 | — | 0.04 | Jul 14, 2015 | Adobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5120. | |||
| CVE-2015-5120 | 0.00 | — | 0.04 | Jul 14, 2015 | Adobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5121. | |||
| CVE-2014-0505 | 0.00 | — | 0.05 | Mar 14, 2014 | Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2014-0501 | 0.00 | — | 0.06 | Feb 12, 2014 | Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0500. | |||
| CVE-2014-0500 | 0.00 | — | 0.06 | Feb 12, 2014 | Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0501. | |||
| CVE-2013-5334 | 0.00 | — | 0.04 | Dec 11, 2013 | Adobe Shockwave Player before 12.0.7.148 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5333. | |||
| CVE-2013-5333 | 0.00 | — | 0.04 | Dec 11, 2013 | Adobe Shockwave Player before 12.0.7.148 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5334. | |||
| CVE-2013-3360 | 0.00 | — | 0.05 | Sep 12, 2013 | Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3359. |
- CVE-2010-4307Feb 10, 2011risk 0.01cvss —epss 0.06
Buffer overflow in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors.
- CVE-2010-4188Feb 10, 2011risk 0.01cvss —epss 0.07
The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk with a size field of 0, which is used in the calculation of a file offset and…
- CVE-2010-3655Oct 29, 2010risk 0.01cvss —epss 0.09
Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code via unspecified vectors.
- CVE-2010-2582Oct 29, 2010risk 0.01cvss —epss 0.08
An unspecified function in TextXtra.x32 in Adobe Shockwave Player before 11.5.9.615 does not properly reallocate a buffer when processing a DEMX chunk in a Director file, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code.
- CVE-2010-2873Aug 26, 2010risk 0.01cvss —epss 0.06
Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
- CVE-2010-1292May 13, 2010risk 0.01cvss —epss 0.06
The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory…
- CVE-2009-4003Jan 21, 2010risk 0.01cvss —epss 0.07
Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via…
- CVE-2009-4002Jan 21, 2010risk 0.01cvss —epss 0.09
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.
- CVE-2019-7104May 23, 2019risk 0.00cvss —epss 0.05
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
- CVE-2015-7649Oct 28, 2015risk 0.00cvss —epss 0.04
Adobe Shockwave Player before 12.2.1.171 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
- CVE-2015-6681Sep 9, 2015risk 0.00cvss —epss 0.06
Adobe Shockwave Player before 12.2.0.162 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6680.
- CVE-2015-6680Sep 9, 2015risk 0.00cvss —epss 0.05
Adobe Shockwave Player before 12.2.0.162 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6681.
- CVE-2015-5121Jul 14, 2015risk 0.00cvss —epss 0.04
Adobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5120.
- CVE-2015-5120Jul 14, 2015risk 0.00cvss —epss 0.04
Adobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5121.
- CVE-2014-0505Mar 14, 2014risk 0.00cvss —epss 0.05
Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
- CVE-2014-0501Feb 12, 2014risk 0.00cvss —epss 0.06
Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0500.
- CVE-2014-0500Feb 12, 2014risk 0.00cvss —epss 0.06
Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0501.
- CVE-2013-5334Dec 11, 2013risk 0.00cvss —epss 0.04
Adobe Shockwave Player before 12.0.7.148 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5333.
- CVE-2013-5333Dec 11, 2013risk 0.00cvss —epss 0.04
Adobe Shockwave Player before 12.0.7.148 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5334.
- CVE-2013-3360Sep 12, 2013risk 0.00cvss —epss 0.05
Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3359.
Page 3 of 9