| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Adobe Shockwave versions 12.2.8.198 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege. |
| Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
| Adobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5120. |
| Adobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5121. |
| Adobe Shockwave Player before 12.2.0.162 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6681. |
| Adobe Shockwave Player before 12.2.0.162 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6680. |
| Adobe Shockwave Player before 12.2.1.171 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
| IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x320D of a certain file. |
| Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file. |
| IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C6 of a certain file. |
| Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file. |
| Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file. |
| Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. |
| DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie. |
| Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file. |
| An unspecified function in TextXtra.x32 in Adobe Shockwave Player before 11.5.9.615 does not properly reallocate a buffer when processing a DEMX chunk in a Director file, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code. |
| Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file. |
| Integer overflow in the dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors. |
| Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291. |
