|Date: (C)2011-06-16 (M)2017-02-01|
|CVSS Score: 9.3||Access Vector: NETWORK|
|Exploitability Subscore: 8.6||Access Complexity: MEDIUM|
|Impact Subscore: 10.0||Authentication: NONE|
| ||Confidentiality: COMPLETE|
| ||Integrity: COMPLETE|
| ||Availability: COMPLETE|
Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shockwave Player before 126.96.36.1996 allows remote attackers to execute arbitrary code via a crafted subrecord in a DEMX chunk, which triggers a heap-based buffer overflow.