Описание
Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.
Ссылки
- Third Party Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Permissions RequiredThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryTool Signature
- Third Party Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Permissions RequiredThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryTool Signature
Уязвимые конфигурации
Конфигурация 1Версия до 11.5.7.609 (исключая)
Одновременно
cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.08605
Низкий
8.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-787
Связанные уязвимости
CVSS3: 8.8
github
почти 4 года назад
Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.
EPSS
Процентиль: 92%
0.08605
Низкий
8.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-787