CVE-2010-3653

The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of...

Basic Information

CVE State
PUBLISHED
Reserved Date
September 28, 2010
Published Date
October 26, 2010
Last Updated
August 07, 2024
Vendor
Adobe
Product
Shockwave Player
Description
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.
Tags
metasploit_scanner

CVSS Scores

CVSS v2.0

9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploit Status

Exploited in the Wild
Yes (2010-10-26 17:00:00 UTC) Source

Known Exploited Vulnerability Information

Source Added Date
CVE 2010-10-26 17:00:00 UTC

Scanner Integrations

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

adobe_shockwave_rcsl_corruption

Type: metasploit • Created: Unknown

Metasploit module for CVE-2010-3653

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Metasploit