Published: 26/10/2010 Updated: 19/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 940

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The Director module (dirapi.dll) in Adobe Shockwave Player prior to 11.5.9.615 allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe shockwave player 11.5.6.606
adobe shockwave player 11.5.2.602
adobe shockwave player 10.2.0.022
adobe shockwave player 10.1.0.11
adobe shockwave player 9.0.383
adobe shockwave player 9.0.432
adobe shockwave player 8.5.325
adobe shockwave player 8.0.196
adobe shockwave player 5.0
adobe shockwave player 4.0
adobe shockwave player 11.5.0.596
adobe shockwave player 11.5.7.609
adobe shockwave player 10.1.1.016
adobe shockwave player 10.1.0.011
adobe shockwave player 8.0.204
adobe shockwave player 8.0.205
adobe shockwave player 8.5.1.106
adobe shockwave player 8.0
adobe shockwave player 8.5.1.105
adobe shockwave player 1.0
adobe shockwave player
adobe shockwave player 11.0.0.456
adobe shockwave player 11.0.3.471
adobe shockwave player 10.2.0.023
adobe shockwave player 10.0.1.004
adobe shockwave player 10.0.0.210
adobe shockwave player 8.5.1.100
adobe shockwave player 8.5.323
adobe shockwave player 8.5.1.103
adobe shockwave player 6.0
adobe shockwave player 11.5.1.601
adobe shockwave player 11.5.0.595
adobe shockwave player 10.2.0.021
adobe shockwave player 10.1.4.020
adobe shockwave player 8.5.321
adobe shockwave player 8.5.324
adobe shockwave player 8.0.196a
adobe shockwave player 8.5.1
adobe shockwave player 3.0
adobe shockwave player 2.0

## # $Id: adobe_shockwave_rcsl_corruptionrb 10784 2010-10-22 12:21:30Z swtornio $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## requir ...

Abysssec Inc Public Advisory 1) Advisory information Title : Adobe Shockwave player rcsL chunk memory corruption Version : Adobe Shockwave player 1158612 (latest on writing time) Discovery : wwwabyssseccom Vendor : wwwadobecom Impact : Critical C ...

Investigation Report for the September 2014 Equation malware detection incident in the US

Securelist • Kaspersky Lab • 16 Nov 2017

In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were tr...

CVE-2010-3653

Vulnerability Summary

Exploits

Recent Articles

References

Vulmon Search

About

Products

Connect