⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2010-3653: Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Shockwave Player

Severity: 9.3 CRITICAL (NVD)
EPSS: 77.8% (top 1.00%)
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Affected products
Timeline
Published: Oct 26
Latest update: May 17

Description

The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (1 package)

NVD: adobe/shockwave_player 11.5.8.612 +39

🔴 Vulnerability Details (3)

GHSA, 2022-05-17: GHSA-xxv5-9hqx-8g9q: The Director module (dirapi
CVEList, 2010-10-26: CVE-2010-3653: The Director module (dirapi
VulnCheck, 2010: Adobe shockwave_player Improper Restriction of Operations within the Bounds of a Memory Buffer

💥 Exploits & PoCs (2)

Exploit-DB, 2010-10-22: Adobe Shockwave Player - rcsL Memory Corruption (Metasploit)
Exploit-DB, 2010-10-21: Adobe Shockwave Player - 'rcsL chunk' Memory Corruption