CVE-2010-1280

HIGH

Adobe Shockwave Player <11.5.7.609 - RCE/DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1280. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit targets a memory corruption vulnerability in Adobe Shockwave Player 11.5.6.606 by crafting a malicious .dir file. The PoC demonstrates arbitrary code execution via a buffer overflow, as evidenced by the crash and register overwrite in the provided debug output.

Description

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by LiquidWorm · cdoswindows

https://www.exploit-db.com/exploits/12578

View Code ZIP pw:eip

This exploit targets a memory corruption vulnerability in Adobe Shockwave Player 11.5.6.606 by crafting a malicious .dir file. The PoC demonstrates arbitrary code execution via a buffer overflow, as evidenced by the crash and register overwrite in the provided debug output.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Adobe Shockwave Player 11.5.6.606 and earlier

No auth needed

Prerequisites: Victim must open a malicious .dir file

MITRE ATT&CK