shockwave software vulnerabilities
vulnerabilities.aspcode.net
Searching shockwave software vulnerabilities
Auto-update feature of Macromedia Shockwave 7 t
information
|
Auto-update
|
Macromedia
|
transmits
|
Shockwave
|
password
|
feature
|
user's
|
back
|
hard
|
disk
|
Auto-update feature of Macromedia Shockwave 7 transmits a user's password and hard disk information back to Macromedia.
Macromedia Flash Player 4.0 r12 through 6.0.47.
Macromedia
|
through
|
Player
|
Flash
|
r12
|
Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers.
Adobe Acrobat and Acrobat Reader 6.0 allow remo
attackers
|
arbitrary
|
Shockwave
|
embedded
|
contains
|
Acrobat
|
remote
|
Reader
|
Adobe
|
files
|
allow
|
read
|
file
|
via
|
PDF
|
Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read arbitrary files via a PDF file that contains an embedded Shockwave (swf) file that references files outside of the temporary directory.
Stack-based buffer overflow in an ActiveX contr
Stack-based
|
Macromedia
|
installer
|
Shockwave
|
overflow
|
ActiveX
|
control
|
Player
|
buffer
|
Adobe
|
Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters.
jscript.dll in Microsoft Internet Explorer 6.0
jscriptdll
|
attackers
|
Microsoft
|
Explorer
|
Internet
|
service
|
earlier
|
denial
|
allows
|
remote
|
cause
|
SP1
|
jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, which triggers a null dereference.
Internet Explorer 6 for Windows XP SP2 and earl
application
|
re-opening
|
attackers
|
Shockwave
|
malicious
|
phishing
|
Explorer
|
possibly
|
Internet
|
changing
|
location
|
attacks
|
trusted
|
loading
|
address
|
earlier
|
conduct
|
Windows
|
remote
|
window
|
allows
|
while
|
spoof
|
Flash
|
still
|
back
|
then
|
bar
|
SP2
|
URL
|
Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.
Firefox 1.5.0.1 allows remote attackers to spoo
Firefox
|
Firefox 1.5.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: a followup was unable to replicate this issue.
Microsoft Excel allows user-assisted attackers
user-assisted
|
automatically
|
spreadsheet
|
javascript
|
arbitrary
|
Shockwave
|
Microsoft
|
attackers
|
embedded
|
executed
|
redirect
|
ActiveX
|
execute
|
Player
|
Object
|
allows
|
which
|
users
|
Excel
|
sites
|
Flash
|
opens
|
user
|
via
|
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.
An ActiveX control in SwDir.dll in Macromedia S
Macromedia
|
Shockwave
|
attackers
|
SwDirdll
|
control
|
service
|
ActiveX
|
denial
|
allows
|
remote
|
cause
|
An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute.
Cross-site scripting (XSS) vulnerability in Nuk
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file, as demonstrated by "Remote Cookie Disclosure." NOTE: it could be argued that this is an issue in Shockwave instead of Nuked Klan.
Multiple stack-based buffer overflows in an Act
stack-based
|
overflows
|
Multiple
|
SwDirdll
|
control
|
ActiveX
|
buffer
|
Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4) Sound, (5) DrawLogo, or (6) DrawProgress property value, different vectors than CVE-2006-6885.
Software vulnerabilities results 1 to 12 of 12
Page:
1