CVE-2010-3653
EXPLOITED IN THE WILDAdobe Shockwave Player < 11.5.8.612 - Memory Corruption
Title source: ruleDescription
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16594
exploitdb
WRITEUP
VERIFIED
by Abysssec · textremotewindows
https://www.exploit-db.com/exploits/15296
metasploit
WORKING POC
NORMAL
by David Kennedy · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_shockwave_rcsl_corruption.rb
References (9)
Scores
EPSS
0.7778
EPSS Percentile
99.0%
Exploitation Intel
VulnCheck KEV
2010-10-21
InTheWild.io
2017-09-19
Classification
CWE
CWE-119
Status
draft
Affected Products (40)
adobe/shockwave_player
< 11.5.8.612
adobe/shockwave_player
adobe/shockwave_player
adobe/shockwave_player
adobe/shockwave_player
adobe/shockwave_player
adobe/shockwave_player
adobe/shockwave_player
adobe/shockwave_player
adobe/shockwave_player
adobe/shockwave_player
adobe/shockwave_player
adobe/shockwave_player
adobe/shockwave_player
adobe/shockwave_player
... and 25 more
Timeline
Published
Oct 26, 2010
Tracked Since
Feb 18, 2026