CVE-2011-2123Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Shockwave Player

CWE-1893 documents3 sources
Severity
9.3CRITICALNVD
EPSS
17.1%
top 4.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Shockwave Player
Timeline
PublishedJun 16
Latest updateMay 17

Description

Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code via a crafted subrecord in a DEMX chunk, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDadobe/shockwave_player11.5.9.620+42

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-3xp5-27h2-jqvx: Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shockwave Player before 112022-05-17
CVEList
CVE-2011-2123: Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shockwave Player before 112011-06-16
CVE-2011-2123 — Adobe Shockwave Player vulnerability | cvebase