«
Expand/Collapse
204 items tagged "shockwave"
Related tags:
director file [+],
shockwave files [+],
overflow vulnerability [+],
idefense security advisory [+],
arbitrary code [+],
code execution [+],
shockwave player [+],
player [+],
target [+],
shockwave user [+],
player versions [+],
memory [+],
memory corruption [+],
code [+],
logical screen [+],
based buffer overflow [+],
vulnerability research [+],
secunia [+],
rcsl [+],
overflow errors [+],
overflow error [+],
integer overflow [+],
heap memory [+],
director [+],
dirapi [+],
chunk [+],
vulnerability [+],
zero [+],
zdi [+],
valid pointer [+],
service vulnerability [+],
operation [+],
memory segment [+],
memory copy [+],
lingo script [+],
input validation [+],
global color table [+],
file [+],
denial of service [+],
d blocks [+],
cross site scripting [+],
cross [+],
critical vulnerability [+],
com [+],
buffer [+],
arithmetic operations [+],
arbitrary code execution [+],
safer use [+],
tsac [+],
security technologies [+],
overflow code [+],
integer overflow vulnerability [+],
iml [+],
heap [+],
font [+],
element code [+],
dparse [+],
dbo [+],
d parsing [+],
cve [+],
cpu load [+],
buffer overflow vulnerability [+],
adobeshockwave [+],
adobe director [+],
zaps [+],
web page versions [+],
vupen [+],
text element [+],
termination code [+],
stack overflow [+],
security research [+],
security [+],
research [+],
remote [+],
pointer [+],
poc [+],
pfr [+],
pdf [+],
moaub [+],
macos x [+],
lnam [+],
invalid [+],
gif [+],
fixe [+],
exec [+],
dll [+],
decompression code [+],
d two [+],
d object [+],
d assets [+],
cswv [+],
critical [+],
chunk size [+],
bug [+],
adobeiml [+],
adobe systems inc [+],
Bugs [+],
6 606 [+],
txt [+],
bugtraq [+],
adobe [+],
adobe shockwave player [+],
tpti [+],
shockwave director [+],
s system [+],
shockwave 3d [+]
-
-
21:26
»
Packet Storm Security Recent Files
Adobe Shockwave Player suffers from multiple memory corruption vulnerabilities when parsing .dir media files. This file has three advisories pertaining to these issues. Versions affected include Shockwave Player version 11.6.3r633, Module IMLLib.framework on MacOS X 10.7.2 (11C74).
-
-
9:11
»
Packet Storm Security Advisories
Adobe Shockwave Player versions 11.6.x.x suffer from a memory corruption vulnerability when parsing the field of KEY_ATOM of Director File.
-
-
17:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
12:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
12:29
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
11:39
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
11:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
18:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
13:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
8:06
»
Packet Storm Security Recent Files
Core Security Technologies Advisory - A memory corruption vulnerability in Adobe Shockwave Player can be leveraged to execute arbitrary code on vulnerable systems by enticing users to visit a malicious web site with a specially crafted .dir file. This vulnerability could be used by a remote attacker to execute arbitrary code with the privileges of the user that opened the malicious file.
-
8:06
»
Packet Storm Security Misc. Files
Core Security Technologies Advisory - A memory corruption vulnerability in Adobe Shockwave Player can be leveraged to execute arbitrary code on vulnerable systems by enticing users to visit a malicious web site with a specially crafted .dir file. This vulnerability could be used by a remote attacker to execute arbitrary code with the privileges of the user that opened the malicious file.
-
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:04
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:54
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
15:24
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
23:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
23:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
13:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
23:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
23:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
20:24
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
20:19
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
12:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
12:39
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
18:54
»
Packet Storm Security Advisories
iDefense Security Advisory 06.14.11 - Remote exploitation of a heap overflow vulnerability in Adobe Systems Inc.'s Shockwave could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when Shockwave processes a maliciously constructed "DRCF" chunk. Specifically, when parsing a substructure inside of this chunk, it is possible to trigger a code path that leads to an incorrect string copy operation. The vulnerable code performs a certain operation on a heap-based buffer, which has the effect of overwriting the NULL terminator of the string in the middle of the copy operation. This will lead to an endless copy loop until the read operation hits the end of the memory segment. This operation writes beyond the allocated heap buffer, and can lead to the execution of arbitrary code. Shockwave Player version 11.5.9.620 and prior are vulnerable.
-
18:54
»
Packet Storm Security Recent Files
iDefense Security Advisory 06.14.11 - Remote exploitation of a heap overflow vulnerability in Adobe Systems Inc.'s Shockwave could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when Shockwave processes a maliciously constructed "DRCF" chunk. Specifically, when parsing a substructure inside of this chunk, it is possible to trigger a code path that leads to an incorrect string copy operation. The vulnerable code performs a certain operation on a heap-based buffer, which has the effect of overwriting the NULL terminator of the string in the middle of the copy operation. This will lead to an endless copy loop until the read operation hits the end of the memory segment. This operation writes beyond the allocated heap buffer, and can lead to the execution of arbitrary code. Shockwave Player version 11.5.9.620 and prior are vulnerable.
-
18:54
»
Packet Storm Security Misc. Files
iDefense Security Advisory 06.14.11 - Remote exploitation of a heap overflow vulnerability in Adobe Systems Inc.'s Shockwave could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when Shockwave processes a maliciously constructed "DRCF" chunk. Specifically, when parsing a substructure inside of this chunk, it is possible to trigger a code path that leads to an incorrect string copy operation. The vulnerable code performs a certain operation on a heap-based buffer, which has the effect of overwriting the NULL terminator of the string in the middle of the copy operation. This will lead to an endless copy loop until the read operation hits the end of the memory segment. This operation writes beyond the allocated heap buffer, and can lead to the execution of arbitrary code. Shockwave Player version 11.5.9.620 and prior are vulnerable.
-
18:51
»
Packet Storm Security Advisories
iDefense Security Advisory 06.14.11 - Remote exploitation of a integer signedness vulnerability in Adobe Systems Inc.'s Shockwave could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when Shockwave processes a maliciously constructed "Lscr" record. This record can embed Lingo script code, which is Shockwave's scripting language. The vulnerability occurs when processing certain opcodes. Specifically, a 32-bit value from the file is used as an offset into a heap buffer without proper validation. When comparing the value to the maximum buffer size, a signed comparison is performed. By using a negative value, it is possible to index outside of the allocated buffer. This results in data outside of the buffer being treated as a valid pointer, and this pointer is later used as the destination of a write operation. This can corrupt an arbitrary memory address, which can lead to the execution of arbitrary code. Shockwave Player version 11.5.9.620 and prior are vulnerable.
-
18:51
»
Packet Storm Security Recent Files
iDefense Security Advisory 06.14.11 - Remote exploitation of a integer signedness vulnerability in Adobe Systems Inc.'s Shockwave could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when Shockwave processes a maliciously constructed "Lscr" record. This record can embed Lingo script code, which is Shockwave's scripting language. The vulnerability occurs when processing certain opcodes. Specifically, a 32-bit value from the file is used as an offset into a heap buffer without proper validation. When comparing the value to the maximum buffer size, a signed comparison is performed. By using a negative value, it is possible to index outside of the allocated buffer. This results in data outside of the buffer being treated as a valid pointer, and this pointer is later used as the destination of a write operation. This can corrupt an arbitrary memory address, which can lead to the execution of arbitrary code. Shockwave Player version 11.5.9.620 and prior are vulnerable.
-
18:51
»
Packet Storm Security Misc. Files
iDefense Security Advisory 06.14.11 - Remote exploitation of a integer signedness vulnerability in Adobe Systems Inc.'s Shockwave could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when Shockwave processes a maliciously constructed "Lscr" record. This record can embed Lingo script code, which is Shockwave's scripting language. The vulnerability occurs when processing certain opcodes. Specifically, a 32-bit value from the file is used as an offset into a heap buffer without proper validation. When comparing the value to the maximum buffer size, a signed comparison is performed. By using a negative value, it is possible to index outside of the allocated buffer. This results in data outside of the buffer being treated as a valid pointer, and this pointer is later used as the destination of a write operation. This can corrupt an arbitrary memory address, which can lead to the execution of arbitrary code. Shockwave Player version 11.5.9.620 and prior are vulnerable.
-
3:39
»
Packet Storm Security Recent Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rcsL chunk inside Adobe's RIFF-based Director file format. The code within the dirapi.dll does not properly validate substructure elements before using them to manipulate memory. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.
-
3:39
»
Packet Storm Security Misc. Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rcsL chunk inside Adobe's RIFF-based Director file format. The code within the dirapi.dll does not properly validate substructure elements before using them to manipulate memory. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.
-
3:38
»
Packet Storm Security Advisories
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Lnam chunk inside Adobe's RIFF-based Director file format. The code within the IML32.dll does not properly validate certain fields before using them to calculate sizes used for later memory copy operations. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.
-
3:38
»
Packet Storm Security Recent Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Lnam chunk inside Adobe's RIFF-based Director file format. The code within the IML32.dll does not properly validate certain fields before using them to calculate sizes used for later memory copy operations. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.
-
3:38
»
Packet Storm Security Misc. Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Lnam chunk inside Adobe's RIFF-based Director file format. The code within the IML32.dll does not properly validate certain fields before using them to calculate sizes used for later memory copy operations. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.
-
3:37
»
Packet Storm Security Advisories
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DEMX chunk inside Adobe's RIFF-based Director file format. The code within the IML32.dll does not properly parse GIF images. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.
-
3:37
»
Packet Storm Security Recent Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DEMX chunk inside Adobe's RIFF-based Director file format. The code within the IML32.dll does not properly parse GIF images. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.
-
3:37
»
Packet Storm Security Misc. Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DEMX chunk inside Adobe's RIFF-based Director file format. The code within the IML32.dll does not properly parse GIF images. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.
-
3:30
»
Packet Storm Security Advisories
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CSWV chunk inside Adobe's RIFF-based Director file format. When handling certain substructures, the code does not properly ensure arithmetic operations will not exceed expected values. By crafting a file with certain values this can be abused to cause memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.
-
3:30
»
Packet Storm Security Recent Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CSWV chunk inside Adobe's RIFF-based Director file format. When handling certain substructures, the code does not properly ensure arithmetic operations will not exceed expected values. By crafting a file with certain values this can be abused to cause memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.
-
3:30
»
Packet Storm Security Misc. Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CSWV chunk inside Adobe's RIFF-based Director file format. When handling certain substructures, the code does not properly ensure arithmetic operations will not exceed expected values. By crafting a file with certain values this can be abused to cause memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.
-
3:28
»
Packet Storm Security Advisories
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CSWV chunk inside Adobe's RIFF-based Director file format. The code within the IML32.dll does not properly parse byte arrays. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.
-
3:28
»
Packet Storm Security Recent Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CSWV chunk inside Adobe's RIFF-based Director file format. The code within the IML32.dll does not properly parse byte arrays. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.
-
3:28
»
Packet Storm Security Misc. Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CSWV chunk inside Adobe's RIFF-based Director file format. The code within the IML32.dll does not properly parse byte arrays. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.
-
3:16
»
Packet Storm Security Advisories
A memory corruption vulnerability in the Dirapi.dll component of Adobe Shockwave Player could lead to code execution. By crafting specific values within rcsL substructures an attacker can corrupt memory.
-
3:16
»
Packet Storm Security Recent Files
A memory corruption vulnerability in the Dirapi.dll component of Adobe Shockwave Player could lead to code execution. By crafting specific values within rcsL substructures an attacker can corrupt memory.
-
3:16
»
Packet Storm Security Misc. Files
A memory corruption vulnerability in the Dirapi.dll component of Adobe Shockwave Player could lead to code execution. By crafting specific values within rcsL substructures an attacker can corrupt memory.
-
-
20:59
»
SecuriTeam
A memory corruption vulnerability was identified in Adobe Shockwave DIRAPI LCTX.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:06
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-212 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Shockwave handles KEY* elements in a Director file. The Shockwave player will allocate memory with a size taken from the Shockwave file but will always copy a few bytes into that allocation. KEY* sizes smaller then 4 will therefore cause an overwrite of the allocation. By cleverly crafting the input file, an attacker can leverage this to execute remote code under the context of the current user.
-
16:06
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-212 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Shockwave handles KEY* elements in a Director file. The Shockwave player will allocate memory with a size taken from the Shockwave file but will always copy a few bytes into that allocation. KEY* sizes smaller then 4 will therefore cause an overwrite of the allocation. By cleverly crafting the input file, an attacker can leverage this to execute remote code under the context of the current user.
-
16:06
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-212 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Shockwave handles KEY* elements in a Director file. The Shockwave player will allocate memory with a size taken from the Shockwave file but will always copy a few bytes into that allocation. KEY* sizes smaller then 4 will therefore cause an overwrite of the allocation. By cleverly crafting the input file, an attacker can leverage this to execute remote code under the context of the current user.
-
-
23:14
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
23:14
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
23:14
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
21:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
21:04
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:19
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:19
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:14
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:15
»
SecuriTeam
Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Shockwave Player could allow an attacker to execute arbitrary code with the privileges of the current user.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
12:09
»
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Shockwave. The vulnerability is caused by a memory corruption error in the "DIRAPI.dll" module when processing the "LCTX" chunk within a Director File, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a malicious web page. Adobe Shockwave Player versions 11.5.9.615 and prior are affected.
-
12:09
»
Packet Storm Security Recent Files
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Shockwave. The vulnerability is caused by a memory corruption error in the "DIRAPI.dll" module when processing the "LCTX" chunk within a Director File, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a malicious web page. Adobe Shockwave Player versions 11.5.9.615 and prior are affected.
-
12:09
»
Packet Storm Security Misc. Files
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Shockwave. The vulnerability is caused by a memory corruption error in the "DIRAPI.dll" module when processing the "LCTX" chunk within a Director File, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a malicious web page. Adobe Shockwave Player versions 11.5.9.615 and prior are affected.
-
-
0:21
»
Packet Storm Security Advisories
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing font structures within Director files. While processing data within the PFR1 chunk, the process trusts a size value and compares a sign-extended counter against it within a copy loop. By providing a sufficiently large value, this flaw can be abused by a remote attacker to execute arbitrary code under the context of the user running the browser.
-
0:21
»
Packet Storm Security Recent Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing font structures within Director files. While processing data within the PFR1 chunk, the process trusts a size value and compares a sign-extended counter against it within a copy loop. By providing a sufficiently large value, this flaw can be abused by a remote attacker to execute arbitrary code under the context of the user running the browser.
-
0:21
»
Packet Storm Security Misc. Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing font structures within Director files. While processing data within the PFR1 chunk, the process trusts a size value and compares a sign-extended counter against it within a copy loop. By providing a sufficiently large value, this flaw can be abused by a remote attacker to execute arbitrary code under the context of the user running the browser.
-
-
23:22
»
Packet Storm Security Advisories
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the IML32 module distributed with the player. While parsing GIF files within a director movie (.dir or .dcr) the code trusts the specified size of the global color table and uses it to determine an offset to image data. The process subsequently attempts to write two NULL bytes to the calculated address. A remote attacker can abuse this logic to corrupt memory at a controlled location and subsequently execute arbitrary code under the context of the user running the application.
-
23:22
»
Packet Storm Security Recent Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the IML32 module distributed with the player. While parsing GIF files within a director movie (.dir or .dcr) the code trusts the specified size of the global color table and uses it to determine an offset to image data. The process subsequently attempts to write two NULL bytes to the calculated address. A remote attacker can abuse this logic to corrupt memory at a controlled location and subsequently execute arbitrary code under the context of the user running the application.
-
23:22
»
Packet Storm Security Misc. Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the IML32 module distributed with the player. While parsing GIF files within a director movie (.dir or .dcr) the code trusts the specified size of the global color table and uses it to determine an offset to image data. The process subsequently attempts to write two NULL bytes to the calculated address. A remote attacker can abuse this logic to corrupt memory at a controlled location and subsequently execute arbitrary code under the context of the user running the application.
-
9:44
»
Packet Storm Security Advisories
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing a DEMX RIFF chunk within Director files. The logic within the TextXtra.x32 module fails to account for a specific condition and can be made to misallocate a buffer on the heap. By crafting specific values within DEMX substructures an attacker can corrupt memory leading to arbitrary code execution under the context of the user running the browser.
-
9:44
»
Packet Storm Security Recent Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing a DEMX RIFF chunk within Director files. The logic within the TextXtra.x32 module fails to account for a specific condition and can be made to misallocate a buffer on the heap. By crafting specific values within DEMX substructures an attacker can corrupt memory leading to arbitrary code execution under the context of the user running the browser.
-
9:44
»
Packet Storm Security Misc. Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing a DEMX RIFF chunk within Director files. The logic within the TextXtra.x32 module fails to account for a specific condition and can be made to misallocate a buffer on the heap. By crafting specific values within DEMX substructures an attacker can corrupt memory leading to arbitrary code execution under the context of the user running the browser.
-
-
18:24
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
18:24
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
23:02
»
Packet Storm Security Recent Files
Adobe Shockwave Player suffers from a rcsL chunk memory corruption vulnerability. This affects version 11.5.8.612 and possibly prior versions as well.
-
23:01
»
Packet Storm Security Exploits
Adobe Shockwave Player suffers from a rcsL chunk memory corruption vulnerability. This affects version 11.5.8.612 and possibly prior versions as well.
-
-
13:04
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
11:26
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
11:21
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
11:21
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
19:16
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
19:16
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
18:42
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
18:42
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
15:07
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
15:07
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
15:07
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:54
»
SecuriTeam
A critical vulnerability was discovered in Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
13:58
»
SecuriTeam
Two critical vulnerabilities were discovered in Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
13:58
»
SecuriTeam
A critical vulnerability was discovered in Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
13:06
»
SecuriTeam
A critical vulnerability was discovered in Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:32
»
SecuriTeam
Seven critical vulnerabilities were discovered in Adobe Shockwave Player.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
23:55
»
SecuriTeam
A vulnerability was discovered in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
23:55
»
SecuriTeam
fA vulnerability was discovered in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
23:55
»
SecuriTeam
A vulnerability was discovered in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
9:04
»
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered eleven critical vulnerabilities in Adobe Shockwave Player. These vulnerabilities are caused due to integer overflows, array indexing, and memory corruption errors when processing malformed Shockwave or Director files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Versions prior to 11.5.7.609 are affected.
-
9:01
»
Packet Storm Security Recent Files
iDefense Security Advisory 05.11.10 - Remote exploitation of a heap memory indexing vulnerability in Adobe Systems Inc.'s Shockwave Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability takes place during the processing of a certain malformed file. A function calculates an offset to be used within a memory mapped file and returns the offset value. The return value is not checked. This can lead to a condition where an attacker is able to overwrite memory outside the bounds of the allocated memory map. iDefense has confirmed the existence of this vulnerability in the latest version of Shockwave Player at the time of testing, version 11.5.6r606. Shockwave Player 11.5.6.606 and earlier versions for Windows and Macintosh are vulnerable.
-
9:01
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when processing FFFFFF45h Shockwave 3D blocks. This can be exploited to corrupt memory via a specially crafted Shockwave file. Successful exploitation allows execution of arbitrary code. Version 11.5.6.606 is affected.
-
9:00
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a signedness error when processing Shockwave files. This can be exploited to corrupt memory when a specially crafted Shockwave file (e.g. .dir ) is opened. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.
-
9:00
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an array indexing error when processing Shockwave files. This can be exploited to corrupt memory when a specially crafted Shockwave file (e.g. .dir ) is opened. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.
-
9:00
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error when processing Shockwave files. This can be exploited to corrupt memory when a specially crafted Shockwave file (e.g. .dir ) is opened. Successful exploitation may allow execution of arbitrary code.
-
9:00
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error when processing asset entries and can be exploited to corrupt memory via a specially crafted Shockwave file. Successful exploitation may allow execution of arbitrary code.
-
9:00
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error when parsing embedded fonts. This can be exploited to cause a heap-based buffer overflow via a specially crafted Shockwave file. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.
-
9:00
»
Packet Storm Security Advisories
iDefense Security Advisory 05.11.10 - Remote exploitation of a heap memory indexing vulnerability in Adobe Systems Inc.'s Shockwave Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability takes place during the processing of a certain malformed file. A function calculates an offset to be used within a memory mapped file and returns the offset value. The return value is not checked. This can lead to a condition where an attacker is able to overwrite memory outside the bounds of the allocated memory map. iDefense has confirmed the existence of this vulnerability in the latest version of Shockwave Player at the time of testing, version 11.5.6r606. Shockwave Player 11.5.6.606 and earlier versions for Windows and Macintosh are vulnerable.
-
9:00
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when processing FFFFFF45h Shockwave 3D blocks. This can be exploited to corrupt memory via a specially crafted Shockwave file. Successful exploitation allows execution of arbitrary code. Version 11.5.6.606 is affected.
-
9:00
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a signedness error when processing Shockwave files. This can be exploited to corrupt memory when a specially crafted Shockwave file (e.g. .dir ) is opened. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.
-
9:00
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an array indexing error when processing Shockwave files. This can be exploited to corrupt memory when a specially crafted Shockwave file (e.g. .dir ) is opened. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.
-
9:00
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error when processing Shockwave files. This can be exploited to corrupt memory when a specially crafted Shockwave file (e.g. .dir ) is opened. Successful exploitation may allow execution of arbitrary code.
-
9:00
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error when processing asset entries and can be exploited to corrupt memory via a specially crafted Shockwave file. Successful exploitation may allow execution of arbitrary code.
-
9:00
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error when parsing embedded fonts. This can be exploited to cause a heap-based buffer overflow via a specially crafted Shockwave file. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.
-
-
20:34
»
Packet Storm Security Recent Files
Code Audit Labs has discovered a vulnerability on vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Shockwave player attempts to load a specially crafted Adobe Director File. Exploitation can lead to remote system high cpu load (infinite loop).
-
20:33
»
Packet Storm Security Advisories
Code Audit Labs has discovered a vulnerability on vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Shockwave player attempts to load a specially crafted Adobe Director File. Exploitation can lead to remote system high cpu load (infinite loop).
-
-
18:00
»
Packet Storm Security Recent Files
Secunia Research has discovered four vulnerabilities in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by four integer overflow errors when processing a certain block type. These can be exploited to cause heap-based buffer overflows via specially crafted Shockwave files. Successful exploitation allows execution of arbitrary code. Version 11.5.2.602 is affected.
-
18:00
»
Packet Storm Security Advisories
Secunia Research has discovered four vulnerabilities in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by four integer overflow errors when processing a certain block type. These can be exploited to cause heap-based buffer overflows via specially crafted Shockwave files. Successful exploitation allows execution of arbitrary code. Version 11.5.2.602 is affected.
-
16:00
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an integer overflow error when processing a certain Shockwave 3D block. This can be exploited to corrupt memory via a specially crafted Shockwave file. Successful exploitation may allow execution of arbitrary code. Version 11.5.2.602 is affected.
-
16:00
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when processing Shockwave 3D models. This can be exploited to cause a heap-based buffer overflow via a specially crafted Shockwave file. Successful exploitation allows execution of arbitrary code. Version 11.5.2.602 is affected.
-
16:00
»
Packet Storm Security Recent Files
Secunia Research has discovered two vulnerabilities in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by two integer overflow errors when processing Shockwave 3D models. These can be exploited to corrupt heap memory via specially crafted Shockwave files. Successful exploitation may allow execution of arbitrary code. Version 11.5.2.602 is affected.
-
16:00
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an integer overflow error when processing a certain Shockwave 3D block. This can be exploited to corrupt memory via a specially crafted Shockwave file. Successful exploitation may allow execution of arbitrary code. Version 11.5.2.602 is affected.
-
16:00
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when processing Shockwave 3D models. This can be exploited to cause a heap-based buffer overflow via a specially crafted Shockwave file. Successful exploitation allows execution of arbitrary code. Version 11.5.2.602 is affected.
-
16:00
»
Packet Storm Security Advisories
Secunia Research has discovered two vulnerabilities in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by two integer overflow errors when processing Shockwave 3D models. These can be exploited to corrupt heap memory via specially crafted Shockwave files. Successful exploitation may allow execution of arbitrary code. Version 11.5.2.602 is affected.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
SecDocs
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Hack a Day
Wirevolution