Adobe Shockwave Player vulnerabilities

CVE-2010-2881 [CRITICAL] CWE-119 CVE-2010-2881: IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allo IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a certain file.

CVE-2010-2870 [CRITICAL] CWE-119 CVE-2010-2870: DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk s DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.

CVE-2010-2872 [CRITICAL] CWE-20 CVE-2010-2872: Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted movie.

CVE-2010-2865 [MEDIUM] CVE-2010-2865: Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a de Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service via unknown vectors.

CVE-2010-1292 [CRITICAL] CWE-119 CVE-2010-1292: The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not v The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.

CVE-2010-1288 [CRITICAL] CWE-119 CVE-2010-1288: Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitra Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors.

CVE-2010-0128 [CRITICAL] CWE-787 CVE-2010-0128: Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Directo Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.

CVE-2010-1284 [CRITICAL] CWE-119 CVE-2010-1284: Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corru Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.

CVE-2010-1291 [CRITICAL] CVE-2010-1291: Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corru Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290.

CVE-2010-1289 [CRITICAL] CVE-2010-1289: Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corru Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291.

CVE-2010-1286 [CRITICAL] CVE-2010-1286: Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corru Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.

CVE-2010-1287 [CRITICAL] CVE-2010-1287: Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corru Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.

CVE-2010-1290 [CRITICAL] CVE-2010-1290: Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corru Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291.

CVE-2010-0129 [HIGH] CWE-190 CVE-2010-0129: Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cau Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.

CVE-2010-0130 [HIGH] CWE-190 CVE-2010-0130: Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.

CVE-2010-1283 [HIGH] CWE-787 CVE-2010-1283: Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) f Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.

CVE-2010-1281 [HIGH] CWE-787 CVE-2010-1281: iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.

CVE-2010-0986 [HIGH] CWE-787 CVE-2010-0986: Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remot Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.

CVE-2010-1280 [HIGH] CWE-787 CVE-2010-1280: Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.

CVE-2010-0127 [HIGH] CWE-787 CVE-2010-0127: Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.