Adobe Shockwave Player vulnerabilities

CVE-2010-4195 [CRITICAL] CWE-20 CVE-2010-4195: The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecifi The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

CVE-2011-0556 [CRITICAL] CWE-119 CVE-2011-0556: The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arb The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PFR1 chunk that leads to an unexpected sign extension and an invalid pointer dereference, a different vulnerability than CVE-2011-0569.

CVE-2010-4196 [CRITICAL] CWE-20 CVE-2010-4196: The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9.620 does not properly validate The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

CVE-2010-4307 [CRITICAL] CWE-119 CVE-2010-4307: Buffer overflow in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary co Buffer overflow in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors.

CVE-2010-4093 [CRITICAL] CWE-119 CVE-2010-4093: Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denia Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306.

CVE-2010-4193 [CRITICAL] CWE-20 CVE-2010-4193: Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which al Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

CVE-2010-4194 [CRITICAL] CWE-20 CVE-2010-4194: The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspeci The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

CVE-2010-4192 [CRITICAL] CVE-2010-4192: Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denia Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted 3D Assets 0xFFFFFF88 type record that triggers an incorrect memory allocation, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, and C

CVE-2010-4190 [CRITICAL] CVE-2010-4190: Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denia Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted CSWV RIFF chunk that causes an incorrect calculation of an offset for a substructure, which causes an out-of-bounds "seek" of heap memory, a different vulnerability than CVE-2011-0555, CVE-2

CVE-2011-0555 [CRITICAL] CVE-2011-0555: The TextXtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execu The TextXtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a Director file with a crafted DEMX RIFF chunk that triggers incorrect buffer allocation, a different vulnerability than CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CV

CVE-2010-4187 [CRITICAL] CVE-2010-4187: Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denia Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed chunk in a Director file, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306.

CVE-2010-2589 [CRITICAL] CWE-189 CVE-2010-2589: Integer overflow in the dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attacke Integer overflow in the dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors.

CVE-2010-4092 [CRITICAL] CWE-399 CVE-2010-4092: Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player bef Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an unloaded library. NOTE: some of these details are obtained from third party information.

CVE-2010-4087 [CRITICAL] CWE-119 CVE-2010-4087: IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with a crafted mmap record containing an invalid length of a VSWV entry, a different vulnerability than CVE-2010-4089.

CVE-2010-4084 [CRITICAL] CVE-2010-4084: dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088.

CVE-2010-4089 [CRITICAL] CVE-2010-4089: IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file containing "duplicated LCSM entries in mmap record," a different vulnerability than CVE-2010-4087.

CVE-2010-3655 [CRITICAL] CWE-119 CVE-2010-3655: Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attacke Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code via unspecified vectors.

CVE-2010-4085 [CRITICAL] CVE-2010-4085: dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4086, and CVE-2010-4088.

CVE-2010-4088 [CRITICAL] CVE-2010-4088: dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with "duplicated references to the same KEY* chunk," a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4086.

CVE-2010-4090 [CRITICAL] CWE-119 CVE-2010-4090: Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denia Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.