CVE-2010-3653
Vulnerability from cvelistv5
Published
2010-10-26 17:00
Modified
2024-08-07 03:18
Severity ?
Summary
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.
References
psirt@adobe.comhttp://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/
psirt@adobe.comhttp://www.adobe.com/support/security/bulletins/apsb10-25.html
psirt@adobe.comhttp://www.exploit-db.com/exploits/15296Exploit
psirt@adobe.comhttp://www.kb.cert.org/vuls/id/402231US Government Resource
psirt@adobe.comhttp://www.securityfocus.com/bid/44291Exploit
psirt@adobe.comhttp://www.securitytracker.com/id?1024635
psirt@adobe.comhttp://www.vupen.com/english/advisories/2010/2752Vendor Advisory
psirt@adobe.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/62688
psirt@adobe.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285
af854a3a-2127-422b-91ae-364da2661108http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb10-25.html
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/15296Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/402231US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/44291Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1024635
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2752Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/62688
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:18:53.097Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
          },
          {
            "name": "adobe-shockwave-rcsl-code-exec(62688)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62688"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/"
          },
          {
            "name": "15296",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/15296"
          },
          {
            "name": "VU#402231",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/402231"
          },
          {
            "name": "oval:org.mitre.oval:def:11285",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285"
          },
          {
            "name": "44291",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44291"
          },
          {
            "name": "1024635",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024635"
          },
          {
            "name": "ADV-2010-2752",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2752"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
        },
        {
          "name": "adobe-shockwave-rcsl-code-exec(62688)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62688"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/"
        },
        {
          "name": "15296",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/15296"
        },
        {
          "name": "VU#402231",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/402231"
        },
        {
          "name": "oval:org.mitre.oval:def:11285",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285"
        },
        {
          "name": "44291",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44291"
        },
        {
          "name": "1024635",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024635"
        },
        {
          "name": "ADV-2010-2752",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2752"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-3653",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-25.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
            },
            {
              "name": "adobe-shockwave-rcsl-code-exec(62688)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62688"
            },
            {
              "name": "http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/",
              "refsource": "MISC",
              "url": "http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/"
            },
            {
              "name": "15296",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/15296"
            },
            {
              "name": "VU#402231",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/402231"
            },
            {
              "name": "oval:org.mitre.oval:def:11285",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285"
            },
            {
              "name": "44291",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44291"
            },
            {
              "name": "1024635",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024635"
            },
            {
              "name": "ADV-2010-2752",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2752"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2010-3653",
    "datePublished": "2010-10-26T17:00:00",
    "dateReserved": "2010-09-28T00:00:00",
    "dateUpdated": "2024-08-07T03:18:53.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"11.5.8.612\", \"matchCriteriaId\": \"D71F810E-F23E-45FF-94F9-14D09490D018\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA5643BC-12F8-4F05-A363-9FC97EF1DD0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"085FA7DD-8048-4768-816C-82828022FCF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0DC258D-1C2B-4A7F-AD80-6C88A7A78A5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"966A8542-E5E1-468F-989E-47F71123A426\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DC1BCC0-B24B-4CFC-B3B9-FA3B0D968CC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFFDAAB3-CC22-4604-80B3-4A54CCEFD29E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A77F1733-6755-44E7-8ECC-CFB397FC79A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9282EC1A-DFDB-49A9-8BE1-013D9B494D99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4A8422D-39E4-490C-B3EC-FED7468D6B4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88A75AF4-F7BA-4CA4-8079-5D9794E1BD45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"712325E1-B37A-4994-B42E-F02553A3CB9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC55CB2C-4DBC-4D16-96A7-FB3316A21D51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FADB5808-5F9A-4FBD-A6FC-3DB17A6C6CF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFC415B5-F7C8-4277-A4A3-ECFA2CB38515\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3454FF46-3D72-4FF9-AF5B-2E948DA412D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4726504-850B-4434-A149-09000D21F917\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6D89450-C92C-4541-917B-AD047803A2AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"798EB26B-14D6-4E90-AC84-FF47B89B82E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA562619-7FAA-4FA6-AE42-55801AF00D9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA961FB2-C543-4A1C-9C9E-C56641EB13FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56D23F59-4939-4ABE-A5BC-283BFC362E45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE1DB962-10C6-4536-B693-4AF59F0C4D94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA60B4FB-2BA4-4304-A7B8-8F0676C4F022\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7D6B993-1CF8-4944-8456-B99A72F24814\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D18289BB-6568-4671-BC70-C8744DD2E0C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD29AACC-E101-494B-BFD4-D97FDBE4A584\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F52120E-9CAB-40D9-A577-5D8278139F50\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AAB05A7D-3017-4589-AE5C-B1A377AF02B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58C665F7-E05D-4A8C-B217-6689C95D3FF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8441B2BB-3837-4EDE-B44E-323B434CBF56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2007F032-06BA-4347-9D9E-2C7C4C9BBCD0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF19CBB1-F047-4472-A19D-48A147396383\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C51EB3CF-6770-4626-BDA7-9ED94A374911\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C61B9485-2A42-4C95-9A10-3F1102E4EBBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79FEEF7E-B477-485A-B9BC-98F6D1A2B10B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4FE4A01-9357-46D9-9BCB-DF2B4DECD9B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B9506D5-D8CA-4845-B2FA-0E47C9BB3C1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FBAFFFF-D658-45F0-AF14-BA29AA2D5394\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BFB28F3-ADA5-4BD1-9723-73FA291307BD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.\"}, {\"lang\": \"es\", \"value\": \"El m\\u00f3dulo Director (biblioteca dirapi.dll) en Shockwave Player de Adobe anterior a versi\\u00f3n 11.5.9.615, permite a los atacantes remotos ejecutar c\\u00f3digo arbitrario o causar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de memoria) por medio de una pel\\u00edcula de Director con un fragmento rcsL dise\\u00f1ado que contiene un campo cuyo valor se utiliza como un desplazamiento de puntero, como se explot\\u00f3 \\u201cin the wild\\u201d en octubre de 2010. NOTA: algunos de estos datos se obtienen de la informaci\\u00f3n de terceros.\"}]",
      "id": "CVE-2010-3653",
      "lastModified": "2024-11-21T01:19:18.787",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-10-26T18:00:01.597",
      "references": "[{\"url\": \"http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-25.html\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.exploit-db.com/exploits/15296\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/402231\", \"source\": \"psirt@adobe.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/44291\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1024635\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2752\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/62688\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-25.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.exploit-db.com/exploits/15296\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/402231\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/44291\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1024635\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2752\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/62688\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "psirt@adobe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3653\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2010-10-26T18:00:01.597\",\"lastModified\":\"2024-11-21T01:19:18.787\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dulo Director (biblioteca dirapi.dll) en Shockwave Player de Adobe anterior a versi\u00f3n 11.5.9.615, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) por medio de una pel\u00edcula de Director con un fragmento rcsL dise\u00f1ado que contiene un campo cuyo valor se utiliza como un desplazamiento de puntero, como se explot\u00f3 \u201cin the wild\u201d en octubre de 2010. NOTA: algunos de estos datos se obtienen de la informaci\u00f3n de terceros.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"11.5.8.612\",\"matchCriteriaId\":\"D71F810E-F23E-45FF-94F9-14D09490D018\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA5643BC-12F8-4F05-A363-9FC97EF1DD0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"085FA7DD-8048-4768-816C-82828022FCF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0DC258D-1C2B-4A7F-AD80-6C88A7A78A5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"966A8542-E5E1-468F-989E-47F71123A426\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DC1BCC0-B24B-4CFC-B3B9-FA3B0D968CC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFFDAAB3-CC22-4604-80B3-4A54CCEFD29E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A77F1733-6755-44E7-8ECC-CFB397FC79A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9282EC1A-DFDB-49A9-8BE1-013D9B494D99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4A8422D-39E4-490C-B3EC-FED7468D6B4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88A75AF4-F7BA-4CA4-8079-5D9794E1BD45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"712325E1-B37A-4994-B42E-F02553A3CB9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC55CB2C-4DBC-4D16-96A7-FB3316A21D51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FADB5808-5F9A-4FBD-A6FC-3DB17A6C6CF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFC415B5-F7C8-4277-A4A3-ECFA2CB38515\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3454FF46-3D72-4FF9-AF5B-2E948DA412D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4726504-850B-4434-A149-09000D21F917\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6D89450-C92C-4541-917B-AD047803A2AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"798EB26B-14D6-4E90-AC84-FF47B89B82E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA562619-7FAA-4FA6-AE42-55801AF00D9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA961FB2-C543-4A1C-9C9E-C56641EB13FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56D23F59-4939-4ABE-A5BC-283BFC362E45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE1DB962-10C6-4536-B693-4AF59F0C4D94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA60B4FB-2BA4-4304-A7B8-8F0676C4F022\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7D6B993-1CF8-4944-8456-B99A72F24814\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D18289BB-6568-4671-BC70-C8744DD2E0C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD29AACC-E101-494B-BFD4-D97FDBE4A584\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F52120E-9CAB-40D9-A577-5D8278139F50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAB05A7D-3017-4589-AE5C-B1A377AF02B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58C665F7-E05D-4A8C-B217-6689C95D3FF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8441B2BB-3837-4EDE-B44E-323B434CBF56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2007F032-06BA-4347-9D9E-2C7C4C9BBCD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF19CBB1-F047-4472-A19D-48A147396383\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C51EB3CF-6770-4626-BDA7-9ED94A374911\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C61B9485-2A42-4C95-9A10-3F1102E4EBBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79FEEF7E-B477-485A-B9BC-98F6D1A2B10B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4FE4A01-9357-46D9-9BCB-DF2B4DECD9B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B9506D5-D8CA-4845-B2FA-0E47C9BB3C1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FBAFFFF-D658-45F0-AF14-BA29AA2D5394\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BFB28F3-ADA5-4BD1-9723-73FA291307BD\"}]}]}],\"references\":[{\"url\":\"http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-25.html\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.exploit-db.com/exploits/15296\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/402231\",\"source\":\"psirt@adobe.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/44291\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1024635\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/2752\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/62688\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-25.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.exploit-db.com/exploits/15296\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/402231\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/44291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1024635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/2752\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/62688\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.