CVE-2010-3653
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- September 28, 2010
- Published Date
- October 26, 2010
- Last Updated
- August 07, 2024
- Vendor
- Adobe
- Product
- Shockwave Player
- Description
- The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.
- Tags
- Exploited in the Wild
- Yes (2010-10-26 17:00:00 UTC) Source
metasploit_scanner
CVSS Scores
CVSS v2.0
9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploit Status
References
http://www.adobe.com/support/security/bulletins/apsb10-25.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/62688
http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/
http://www.exploit-db.com/exploits/15296
http://www.kb.cert.org/vuls/id/402231
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285
http://www.securityfocus.com/bid/44291
http://www.securitytracker.com/id?1024635
http://www.vupen.com/english/advisories/2010/2752
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CVE | 2010-10-26 17:00:00 UTC |
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_shockwave_rcsl_corruption.rb | 2025-04-29 11:01:30 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
adobe_shockwave_rcsl_corruption
Type: metasploit • Created: Unknown
Metasploit module for CVE-2010-3653
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Metasploit