The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.
Published 2010-10-26 18:00:02
Updated 2017-09-19 01:31:31
View at NVD,   CVE.org
Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2010-3653

Probability of exploitation activity in the next 30 days: 91.91%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2010-3653

  • Adobe Shockwave rcsL Memory Corruption
    Disclosure Date: 2010-10-21
    First seen: 2020-04-26
    exploit/windows/browser/adobe_shockwave_rcsl_corruption
    This module exploits a weakness in the Adobe Shockwave player's handling of Director movies (.DIR). A memory corruption vulnerability occurs through an undocumented rcsL chunk. Authors: - David Kennedy "ReL1K" <kennedyd013@gmail.com>

CVSS scores for CVE-2010-3653

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
9.3
HIGH AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
NIST

CWE ids for CVE-2010-3653

References for CVE-2010-3653

Products affected by CVE-2010-3653

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!