CVE-2010-2866

Adobe Shockwave Player <11.5.8.612 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2866. PoCs published by Abysssec.

AI-analyzed exploit summary This exploit generates a malicious .DIR file and an HTML file to trigger a memory corruption vulnerability in Adobe Shockwave Director via a crafted tSAC chunk. The PoC writes a corrupted .DIR file and an HTML file to exploit CVE-2010-2866.

Description

Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a Director movie.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Abysssec · pythondoswindows

https://www.exploit-db.com/exploits/15076

View Code ZIP pw:eip

This exploit generates a malicious .DIR file and an HTML file to trigger a memory corruption vulnerability in Adobe Shockwave Director via a crafted tSAC chunk. The PoC writes a corrupted .DIR file and an HTML file to exploit CVE-2010-2866.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Adobe Shockwave Director dirapi.dll 11.5.7

No auth needed

Prerequisites: Victim must open the malicious HTML file in a browser with Adobe Shockwave Director installed

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Vendor Advisory x_refsource_misc

http://dvlabs.tippingpoint.com/advisory/TPTI-10-13

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1024361

Patch, Vendor Advisory x_refsource_confirm

http://www.adobe.com/support/security/bulletins/apsb10-20.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11932

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/513301/100/0/threaded

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/2176

Scores

EPSS 0.1301

EPSS Percentile 95.8%

Details

CWE

CWE-189

Status published

Products (40)

adobe/shockwave_player 1.0

adobe/shockwave_player 2.0

adobe/shockwave_player 3.0

adobe/shockwave_player 4.0

adobe/shockwave_player 5.0

adobe/shockwave_player 6.0

adobe/shockwave_player 8.0

adobe/shockwave_player 8.0.196

adobe/shockwave_player 8.0.196a

adobe/shockwave_player 8.0.204

... and 30 more

Published Aug 26, 2010

Tracked Since Feb 18, 2026