Adobe Shockwave Player vulnerabilities

CVE-2010-0987 [HIGH] CWE-787 CVE-2010-0987: Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.

CVE-2010-1282 [MEDIUM] CWE-835 CVE-2010-1282: Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infin Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.

CVE-2009-4002 [CRITICAL] CWE-119 CVE-2009-4002: Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to ex Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.

CVE-2009-4003 [CRITICAL] CWE-189 CVE-2009-4003: Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to exe Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corru

CVE-2009-3465 [CRITICAL] CVE-2009-3465: Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via craft Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information.

CVE-2009-3466 [CRITICAL] CWE-399 CVE-2009-3466: Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a cra Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information.

CVE-2009-3464 [CRITICAL] CWE-94 CVE-2009-3464: Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via craft Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information.

CVE-2009-3463 [CRITICAL] CWE-119 CVE-2009-3463: Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arb Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information.

CVE-2009-3244 [CRITICAL] CWE-119 CVE-2009-3244: Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.

CVE-2009-1860 [CRITICAL] CVE-2009-1860: Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to exe Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content.

CVE-2009-2186 [CRITICAL] CVE-2009-2186: Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 allows remote attackers to exe Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2009-1860, related to an older issue that "was previously resolved in Shockwave Player 11.0.0.465."

CVE-2007-5275 [MEDIUM] CVE-2007-5275: The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does

CVE-2005-3525 [CRITICAL] CVE-2005-3525: Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave P Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters.