CVE-2010-3653

EXPLOITED IN THE WILD

Adobe Shockwave Player < 11.5.8.612 - Memory Corruption

Title source: rule

Description

The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16594
exploitdb WRITEUP VERIFIED
by Abysssec · text · remote · windows
https://www.exploit-db.com/exploits/15296
metasploit WORKING POC NORMAL
by David Kennedy · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_shockwave_rcsl_corruption.rb

Scores

EPSS 0.7778
EPSS Percentile 99.0%

Details

VulnCheck KEV 2010-10-21
InTheWild.io 2017-09-19
CWE CWE-119
Status published
Products (40)
adobe/shockwave_player 1.0
adobe/shockwave_player 2.0
adobe/shockwave_player 3.0
adobe/shockwave_player 4.0
adobe/shockwave_player 5.0
adobe/shockwave_player 6.0
adobe/shockwave_player 8.0
adobe/shockwave_player 8.0.196
adobe/shockwave_player 8.0.196a
adobe/shockwave_player 8.0.204
... and 30 more
Published Oct 26, 2010
Tracked Since Feb 18, 2026