VUPEN Vulnerability Research Team discovered seven critical vulnerabilities in Adobe Shockwave Player. These vulnerabilities are caused due to memory corruptions, array indexing, heap overflows and invalid pointers when processing malformed files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Versions prior to 11.5.7.609 are affected.
350e0f3198e35fcf0c1c75b940682fbeffa174ddc0b609b86fc1a35c428f798e
Code Audit Labs has discovered a vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Shockwave player attempts to load a specially crafted Adobe Director File. When a malicious value is used during a memory dereference a possible 4-byte memory overwrite may occur. Exploitation can lead to remote system compromise under the credentials of the currently logged in user.
a0f77eecd2a1403c980cb9c466c4691d6c105d645ef19b2d595726c654d1d978
Shockwave Player versions 11.5.6.606 and below from Adobe suffer from memory consumption / corruption and buffer overflow vulnerabilities that can aid the attacker in causing a denial of service scenario and arbitrary code execution. The vulnerable software fails to sanitize user input when processing .dir files resulting in a crash and overwrite of a few memory registers.
8ec4df5f63f6cfd2422941ca53290e7e3b28c5e09824a064172cf191aa1bea88