cvelistv5 - cve-2010-3653

CVE-2010-3653 (GCVE-0-2010-3653)

Vulnerability from cvelistv5 – Published: 2010-10-26 17:00 – Updated: 2024-08-07 03:18

Summary

The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.

Severity ?

No CVSS data available.

CWE

Assigner

adobe

References

URL

Tags

	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.abysssec.com/blog/2010/10/adobe-shockw…	x_refsource_MISC
	http://www.exploit-db.com/exploits/15296	exploitx_refsource_EXPLOIT-DB
	http://www.kb.cert.org/vuls/id/402231	third-party-advisoryx_refsource_CERT-VN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/bid/44291	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id?1024635	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2010/2752	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:18:53.097Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
          },
          {
            "name": "adobe-shockwave-rcsl-code-exec(62688)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62688"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/"
          },
          {
            "name": "15296",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/15296"
          },
          {
            "name": "VU#402231",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/402231"
          },
          {
            "name": "oval:org.mitre.oval:def:11285",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285"
          },
          {
            "name": "44291",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44291"
          },
          {
            "name": "1024635",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024635"
          },
          {
            "name": "ADV-2010-2752",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2752"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
        },
        {
          "name": "adobe-shockwave-rcsl-code-exec(62688)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62688"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/"
        },
        {
          "name": "15296",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/15296"
        },
        {
          "name": "VU#402231",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/402231"
        },
        {
          "name": "oval:org.mitre.oval:def:11285",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285"
        },
        {
          "name": "44291",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44291"
        },
        {
          "name": "1024635",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024635"
        },
        {
          "name": "ADV-2010-2752",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2752"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-3653",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-25.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
            },
            {
              "name": "adobe-shockwave-rcsl-code-exec(62688)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62688"
            },
            {
              "name": "http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/",
              "refsource": "MISC",
              "url": "http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/"
            },
            {
              "name": "15296",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/15296"
            },
            {
              "name": "VU#402231",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/402231"
            },
            {
              "name": "oval:org.mitre.oval:def:11285",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285"
            },
            {
              "name": "44291",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44291"
            },
            {
              "name": "1024635",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024635"
            },
            {
              "name": "ADV-2010-2752",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2752"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2010-3653",
    "datePublished": "2010-10-26T17:00:00",
    "dateReserved": "2010-09-28T00:00:00",
    "dateUpdated": "2024-08-07T03:18:53.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"11.5.8.612\", \"matchCriteriaId\": \"D71F810E-F23E-45FF-94F9-14D09490D018\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA5643BC-12F8-4F05-A363-9FC97EF1DD0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"085FA7DD-8048-4768-816C-82828022FCF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0DC258D-1C2B-4A7F-AD80-6C88A7A78A5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"966A8542-E5E1-468F-989E-47F71123A426\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DC1BCC0-B24B-4CFC-B3B9-FA3B0D968CC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFFDAAB3-CC22-4604-80B3-4A54CCEFD29E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A77F1733-6755-44E7-8ECC-CFB397FC79A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9282EC1A-DFDB-49A9-8BE1-013D9B494D99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4A8422D-39E4-490C-B3EC-FED7468D6B4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88A75AF4-F7BA-4CA4-8079-5D9794E1BD45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"712325E1-B37A-4994-B42E-F02553A3CB9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC55CB2C-4DBC-4D16-96A7-FB3316A21D51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FADB5808-5F9A-4FBD-A6FC-3DB17A6C6CF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFC415B5-F7C8-4277-A4A3-ECFA2CB38515\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3454FF46-3D72-4FF9-AF5B-2E948DA412D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4726504-850B-4434-A149-09000D21F917\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6D89450-C92C-4541-917B-AD047803A2AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"798EB26B-14D6-4E90-AC84-FF47B89B82E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA562619-7FAA-4FA6-AE42-55801AF00D9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA961FB2-C543-4A1C-9C9E-C56641EB13FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56D23F59-4939-4ABE-A5BC-283BFC362E45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE1DB962-10C6-4536-B693-4AF59F0C4D94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA60B4FB-2BA4-4304-A7B8-8F0676C4F022\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7D6B993-1CF8-4944-8456-B99A72F24814\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D18289BB-6568-4671-BC70-C8744DD2E0C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD29AACC-E101-494B-BFD4-D97FDBE4A584\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F52120E-9CAB-40D9-A577-5D8278139F50\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AAB05A7D-3017-4589-AE5C-B1A377AF02B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58C665F7-E05D-4A8C-B217-6689C95D3FF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8441B2BB-3837-4EDE-B44E-323B434CBF56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2007F032-06BA-4347-9D9E-2C7C4C9BBCD0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF19CBB1-F047-4472-A19D-48A147396383\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C51EB3CF-6770-4626-BDA7-9ED94A374911\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C61B9485-2A42-4C95-9A10-3F1102E4EBBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79FEEF7E-B477-485A-B9BC-98F6D1A2B10B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4FE4A01-9357-46D9-9BCB-DF2B4DECD9B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B9506D5-D8CA-4845-B2FA-0E47C9BB3C1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FBAFFFF-D658-45F0-AF14-BA29AA2D5394\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BFB28F3-ADA5-4BD1-9723-73FA291307BD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.\"}, {\"lang\": \"es\", \"value\": \"El m\\u00f3dulo Director (biblioteca dirapi.dll) en Shockwave Player de Adobe anterior a versi\\u00f3n 11.5.9.615, permite a los atacantes remotos ejecutar c\\u00f3digo arbitrario o causar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de memoria) por medio de una pel\\u00edcula de Director con un fragmento rcsL dise\\u00f1ado que contiene un campo cuyo valor se utiliza como un desplazamiento de puntero, como se explot\\u00f3 \\u201cin the wild\\u201d en octubre de 2010. NOTA: algunos de estos datos se obtienen de la informaci\\u00f3n de terceros.\"}]",
      "id": "CVE-2010-3653",
      "lastModified": "2024-11-21T01:19:18.787",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-10-26T18:00:01.597",
      "references": "[{\"url\": \"http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-25.html\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.exploit-db.com/exploits/15296\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/402231\", \"source\": \"psirt@adobe.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/44291\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1024635\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2752\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/62688\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-25.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.exploit-db.com/exploits/15296\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/402231\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/44291\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1024635\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2752\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/62688\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "psirt@adobe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3653\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2010-10-26T18:00:01.597\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dulo Director (biblioteca dirapi.dll) en Shockwave Player de Adobe anterior a versi\u00f3n 11.5.9.615, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) por medio de una pel\u00edcula de Director con un fragmento rcsL dise\u00f1ado que contiene un campo cuyo valor se utiliza como un desplazamiento de puntero, como se explot\u00f3 \u201cin the wild\u201d en octubre de 2010. NOTA: algunos de estos datos se obtienen de la informaci\u00f3n de terceros.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"11.5.8.612\",\"matchCriteriaId\":\"D71F810E-F23E-45FF-94F9-14D09490D018\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA5643BC-12F8-4F05-A363-9FC97EF1DD0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"085FA7DD-8048-4768-816C-82828022FCF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0DC258D-1C2B-4A7F-AD80-6C88A7A78A5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"966A8542-E5E1-468F-989E-47F71123A426\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DC1BCC0-B24B-4CFC-B3B9-FA3B0D968CC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFFDAAB3-CC22-4604-80B3-4A54CCEFD29E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A77F1733-6755-44E7-8ECC-CFB397FC79A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9282EC1A-DFDB-49A9-8BE1-013D9B494D99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4A8422D-39E4-490C-B3EC-FED7468D6B4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88A75AF4-F7BA-4CA4-8079-5D9794E1BD45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"712325E1-B37A-4994-B42E-F02553A3CB9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC55CB2C-4DBC-4D16-96A7-FB3316A21D51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FADB5808-5F9A-4FBD-A6FC-3DB17A6C6CF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFC415B5-F7C8-4277-A4A3-ECFA2CB38515\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3454FF46-3D72-4FF9-AF5B-2E948DA412D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4726504-850B-4434-A149-09000D21F917\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6D89450-C92C-4541-917B-AD047803A2AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"798EB26B-14D6-4E90-AC84-FF47B89B82E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA562619-7FAA-4FA6-AE42-55801AF00D9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA961FB2-C543-4A1C-9C9E-C56641EB13FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56D23F59-4939-4ABE-A5BC-283BFC362E45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE1DB962-10C6-4536-B693-4AF59F0C4D94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA60B4FB-2BA4-4304-A7B8-8F0676C4F022\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7D6B993-1CF8-4944-8456-B99A72F24814\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D18289BB-6568-4671-BC70-C8744DD2E0C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD29AACC-E101-494B-BFD4-D97FDBE4A584\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F52120E-9CAB-40D9-A577-5D8278139F50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAB05A7D-3017-4589-AE5C-B1A377AF02B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58C665F7-E05D-4A8C-B217-6689C95D3FF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8441B2BB-3837-4EDE-B44E-323B434CBF56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2007F032-06BA-4347-9D9E-2C7C4C9BBCD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF19CBB1-F047-4472-A19D-48A147396383\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C51EB3CF-6770-4626-BDA7-9ED94A374911\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C61B9485-2A42-4C95-9A10-3F1102E4EBBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79FEEF7E-B477-485A-B9BC-98F6D1A2B10B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4FE4A01-9357-46D9-9BCB-DF2B4DECD9B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B9506D5-D8CA-4845-B2FA-0E47C9BB3C1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FBAFFFF-D658-45F0-AF14-BA29AA2D5394\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BFB28F3-ADA5-4BD1-9723-73FA291307BD\"}]}]}],\"references\":[{\"url\":\"http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-25.html\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.exploit-db.com/exploits/15296\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/402231\",\"source\":\"psirt@adobe.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/44291\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1024635\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/2752\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/62688\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-25.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.exploit-db.com/exploits/15296\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/402231\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/44291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1024635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/2752\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/62688\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2010-3653

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-3653

Aliases

CVE-2010-3653

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-3653",
    "description": "The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.",
    "id": "GSD-2010-3653",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2010-3653"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-3653"
      ],
      "details": "The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.",
      "id": "GSD-2010-3653",
      "modified": "2023-12-13T01:21:34.220838Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2010-3653",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb10-25.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
          },
          {
            "name": "adobe-shockwave-rcsl-code-exec(62688)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62688"
          },
          {
            "name": "http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/",
            "refsource": "MISC",
            "url": "http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/"
          },
          {
            "name": "15296",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/15296"
          },
          {
            "name": "VU#402231",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/402231"
          },
          {
            "name": "oval:org.mitre.oval:def:11285",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285"
          },
          {
            "name": "44291",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/44291"
          },
          {
            "name": "1024635",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024635"
          },
          {
            "name": "ADV-2010-2752",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/2752"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.5.8.612",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-3653"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "15296",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.exploit-db.com/exploits/15296"
            },
            {
              "name": "44291",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/44291"
            },
            {
              "name": "ADV-2010-2752",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2752"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-25.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
            },
            {
              "name": "http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/"
            },
            {
              "name": "VU#402231",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/402231"
            },
            {
              "name": "1024635",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024635"
            },
            {
              "name": "adobe-shockwave-rcsl-code-exec(62688)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62688"
            },
            {
              "name": "oval:org.mitre.oval:def:11285",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-19T01:31Z",
      "publishedDate": "2010-10-26T18:00Z"
    }
  }
}

GHSA-XXV5-9HQX-8G9Q

Vulnerability from github – Published: 2022-05-17 01:03 – Updated: 2025-04-11 03:40

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-3653"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-10-26T18:00:00Z",
    "severity": "HIGH"
  },
  "details": "The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.",
  "id": "GHSA-xxv5-9hqx-8g9q",
  "modified": "2025-04-11T03:40:39Z",
  "published": "2022-05-17T01:03:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3653"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62688"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285"
    },
    {
      "type": "WEB",
      "url": "http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/15296"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/402231"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/44291"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024635"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2752"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2010-AVI-523

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités permettant l'exécution de code arbitraire à distance ont été corrigées dans Adobe Shockwave Player.

Description

Plusieurs vulnérabilités ont été corrigées dans Adobe Shockwave Player. Elles permettent, entre autre, à une personne distante malintentionnée d'exécuter du code arbitraire au moyen d'un fichier DIR spécialement construit. Ce bulletin corrige la vulnérabilité décrite dans l'alerte CERTA-2010-ALE-016 du 22 octobre 2010.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Adobe Shockwave Player 11.5.8.612 et antérieures, pour les systèmes Windows et Macintosh.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB10-25 du 28 octobre 2010	None	vendor-advisory
Alerte CERTA-2010-ALE-016 du 22 octobre 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eAdobe Shockwave Player 11.5.8.612 et  ant\u00e9rieures, pour les syst\u00e8mes Windows et Macintosh.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Adobe Shockwave Player.\nElles permettent, entre autre, \u00e0 une personne distante malintentionn\u00e9e\nd\u0027ex\u00e9cuter du code arbitraire au moyen d\u0027un fichier DIR sp\u00e9cialement\nconstruit. Ce bulletin corrige la vuln\u00e9rabilit\u00e9 d\u00e9crite dans l\u0027alerte\nCERTA-2010-ALE-016 du 22 octobre 2010.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4088"
    },
    {
      "name": "CVE-2010-3653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3653"
    },
    {
      "name": "CVE-2010-2582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2582"
    },
    {
      "name": "CVE-2010-3655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3655"
    },
    {
      "name": "CVE-2010-4084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4084"
    },
    {
      "name": "CVE-2010-4086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4086"
    },
    {
      "name": "CVE-2010-4090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4090"
    },
    {
      "name": "CVE-2010-2581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2581"
    },
    {
      "name": "CVE-2010-4089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4089"
    },
    {
      "name": "CVE-2010-4087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4087"
    },
    {
      "name": "CVE-2010-4085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4085"
    }
  ],
  "links": [
    {
      "title": "Alerte CERTA-2010-ALE-016 du 22 octobre 2010 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ALE-016/index.html"
    }
  ],
  "reference": "CERTA-2010-AVI-523",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-10-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance ont \u00e9t\u00e9 corrig\u00e9es dans Adobe Shockwave Player.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Shockwave Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB10-25 du 28 octobre 2010",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
    }
  ]
}

CERTA-2010-AVI-523

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités permettant l'exécution de code arbitraire à distance ont été corrigées dans Adobe Shockwave Player.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Adobe Shockwave Player 11.5.8.612 et antérieures, pour les systèmes Windows et Macintosh.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB10-25 du 28 octobre 2010	None	vendor-advisory
Alerte CERTA-2010-ALE-016 du 22 octobre 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eAdobe Shockwave Player 11.5.8.612 et  ant\u00e9rieures, pour les syst\u00e8mes Windows et Macintosh.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Adobe Shockwave Player.\nElles permettent, entre autre, \u00e0 une personne distante malintentionn\u00e9e\nd\u0027ex\u00e9cuter du code arbitraire au moyen d\u0027un fichier DIR sp\u00e9cialement\nconstruit. Ce bulletin corrige la vuln\u00e9rabilit\u00e9 d\u00e9crite dans l\u0027alerte\nCERTA-2010-ALE-016 du 22 octobre 2010.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4088"
    },
    {
      "name": "CVE-2010-3653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3653"
    },
    {
      "name": "CVE-2010-2582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2582"
    },
    {
      "name": "CVE-2010-3655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3655"
    },
    {
      "name": "CVE-2010-4084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4084"
    },
    {
      "name": "CVE-2010-4086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4086"
    },
    {
      "name": "CVE-2010-4090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4090"
    },
    {
      "name": "CVE-2010-2581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2581"
    },
    {
      "name": "CVE-2010-4089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4089"
    },
    {
      "name": "CVE-2010-4087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4087"
    },
    {
      "name": "CVE-2010-4085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4085"
    }
  ],
  "links": [
    {
      "title": "Alerte CERTA-2010-ALE-016 du 22 octobre 2010 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ALE-016/index.html"
    }
  ],
  "reference": "CERTA-2010-AVI-523",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-10-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance ont \u00e9t\u00e9 corrig\u00e9es dans Adobe Shockwave Player.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Shockwave Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB10-25 du 28 octobre 2010",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
    }
  ]
}

CERTA-2010-ALE-016

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité découverte dans Adobe Shockwave Player permet à un utilisateur de provoquer un déni de service ou d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité causée par une erreur dans le traitement des fichiers au format DIR a été découverte dans Adobe Shockwave Player. Elle permet à une personne malveillante distante de provoquer un déni de service ou d'exécuter du code arbitraire. Cette vulnérabilité peut être exploitée au moyen d'un fichier DIR spécialement construit, via un navigateur Internet mais d'autres vecteurs d'exploitation sont envisageables.

Contournement provisoire

Ces contournements provisoires ne sont plus d'actualité, un correctif étant disponible Désactiver Shockwave Player.

Afin de limiter l'impact lié à l'exploitation de cette vulnérabilité, les contournements décrits ci-dessous, non exhaustifs, peuvent être appliqués.

Remarque : la mise en oeuvre de ces contournements de sécurité peut avoir des effets de bords sur l'activité du système. Il est important de les tester avant tout déploiement.

5.1 ActiveX pour Internet Explorer

Désactiver le contrôle ActiveX. Il faut positionner la valeur Compatibility Flags pour le Class Identifier comme décrit ci-dessous :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}]
``Compatibility Flags''=dword:00000400

Class Identifier à désactiver :

{233C1507-6A77-46A4-9443-F871F945D258}

5.2 Module pour Mozilla Firefox

Désactiver le module Shockwave for Director dans le navigateur de Mozilla Firefox :

Dans Outils, puis Modules complémentaires ;
sélectionner le module Shockwave for Director et le désactiver.

Solution

Se référer au bulletin de sécurité Adobe APSB10-25 du 28 octobre 2010 pour l'obtention des correctifs (cf. section Documentation).

Adobe Shockwave Player 11.5.8.612 et antérieures.

Cette vulnérabilité peut affecter les systèmes d'exploitation suivants :

Microsoft Windows ;
Apple Mac OS X.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe du 21 octobre 2010	None	vendor-advisory
Bulletin de sécurité Adobe APSB10-25 du 28 ocotbre 2010 :	-	other
Avis CERTA-2010-AVI-523 du 29 octobre 2010 :	-	other
Bulletin de sécurité Adobe APSA10-04.html du 21 octobre 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eAdobe Shockwave Player 11.5.8.612 et ant\u00e9rieures.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eCette vuln\u00e9rabilit\u00e9 peut affecter les syst\u00e8mes d\u0027exploitation  suivants :\u003c/P\u003e  \u003cUL\u003e    \u003cLI\u003eMicrosoft Windows ;\u003c/LI\u003e    \u003cLI\u003eApple Mac OS X.\u003c/LI\u003e  \u003c/UL\u003e",
  "closed_at": "2010-10-29",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 caus\u00e9e par une erreur dans le traitement des fichiers\nau format DIR a \u00e9t\u00e9 d\u00e9couverte dans Adobe Shockwave Player. Elle permet\n\u00e0 une personne malveillante distante de provoquer un d\u00e9ni de service ou\nd\u0027ex\u00e9cuter du code arbitraire. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e\nau moyen d\u0027un fichier DIR sp\u00e9cialement construit, via un navigateur\nInternet mais d\u0027autres vecteurs d\u0027exploitation sont envisageables.\n\n## Contournement provisoire\n\nCes contournements provisoires ne sont plus d\u0027actualit\u00e9, un correctif\n\u00e9tant disponible D\u00e9sactiver Shockwave Player.\n\nAfin de limiter l\u0027impact li\u00e9 \u00e0 l\u0027exploitation de cette vuln\u00e9rabilit\u00e9,\nles contournements d\u00e9crits ci-dessous, non exhaustifs, peuvent \u00eatre\nappliqu\u00e9s.\n\nRemarque : la mise en oeuvre de ces contournements de s\u00e9curit\u00e9 peut\navoir des effets de bords sur l\u0027activit\u00e9 du syst\u00e8me. Il est important de\nles tester avant tout d\u00e9ploiement.\n\n## 5.1 ActiveX pour Internet Explorer\n\nD\u00e9sactiver le contr\u00f4le ActiveX. Il faut positionner la valeur\nCompatibility Flags pour le Class Identifier comme d\u00e9crit ci-dessous :\n\n    [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}]\n    ``Compatibility Flags\u0027\u0027=dword:00000400\n\nClass Identifier \u00e0 d\u00e9sactiver :  \n\n    {233C1507-6A77-46A4-9443-F871F945D258}\n\n## 5.2 Module pour Mozilla Firefox\n\nD\u00e9sactiver le module Shockwave for Director dans le navigateur de\nMozilla Firefox :\n\n-   Dans Outils, puis Modules compl\u00e9mentaires ;\n-   s\u00e9lectionner le module Shockwave for Director et le d\u00e9sactiver.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Adobe APSB10-25 du 28 octobre 2010\npour l\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3653"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB10-25 du 28 ocotbre 2010 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
    },
    {
      "title": "Avis CERTA-2010-AVI-523 du 29 octobre 2010 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-AVI-523/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSA10-04.html du 21 octobre    2010 :",
      "url": "http://www.adobe.com/support/security/advisories/apsa10-04.html"
    }
  ],
  "reference": "CERTA-2010-ALE-016",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-10-22T00:00:00.000000"
    },
    {
      "description": "ajout du correctif.",
      "revision_date": "2010-10-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 d\u00e9couverte dans Adobe Shockwave Player permet \u00e0 un\nutilisateur de provoquer un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 Adobe Shockwave Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe du 21 octobre 2010",
      "url": null
    }
  ]
}

CERTA-2010-ALE-016

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité découverte dans Adobe Shockwave Player permet à un utilisateur de provoquer un déni de service ou d'exécuter du code arbitraire à distance.

Description

Contournement provisoire

Ces contournements provisoires ne sont plus d'actualité, un correctif étant disponible Désactiver Shockwave Player.

Afin de limiter l'impact lié à l'exploitation de cette vulnérabilité, les contournements décrits ci-dessous, non exhaustifs, peuvent être appliqués.

Remarque : la mise en oeuvre de ces contournements de sécurité peut avoir des effets de bords sur l'activité du système. Il est important de les tester avant tout déploiement.

5.1 ActiveX pour Internet Explorer

Désactiver le contrôle ActiveX. Il faut positionner la valeur Compatibility Flags pour le Class Identifier comme décrit ci-dessous :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}]
``Compatibility Flags''=dword:00000400

Class Identifier à désactiver :

{233C1507-6A77-46A4-9443-F871F945D258}

5.2 Module pour Mozilla Firefox

Désactiver le module Shockwave for Director dans le navigateur de Mozilla Firefox :

Dans Outils, puis Modules complémentaires ;
sélectionner le module Shockwave for Director et le désactiver.

Solution

Se référer au bulletin de sécurité Adobe APSB10-25 du 28 octobre 2010 pour l'obtention des correctifs (cf. section Documentation).

Adobe Shockwave Player 11.5.8.612 et antérieures.

Cette vulnérabilité peut affecter les systèmes d'exploitation suivants :

Microsoft Windows ;
Apple Mac OS X.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe du 21 octobre 2010	None	vendor-advisory
Bulletin de sécurité Adobe APSB10-25 du 28 ocotbre 2010 :	-	other
Avis CERTA-2010-AVI-523 du 29 octobre 2010 :	-	other
Bulletin de sécurité Adobe APSA10-04.html du 21 octobre 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eAdobe Shockwave Player 11.5.8.612 et ant\u00e9rieures.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eCette vuln\u00e9rabilit\u00e9 peut affecter les syst\u00e8mes d\u0027exploitation  suivants :\u003c/P\u003e  \u003cUL\u003e    \u003cLI\u003eMicrosoft Windows ;\u003c/LI\u003e    \u003cLI\u003eApple Mac OS X.\u003c/LI\u003e  \u003c/UL\u003e",
  "closed_at": "2010-10-29",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 caus\u00e9e par une erreur dans le traitement des fichiers\nau format DIR a \u00e9t\u00e9 d\u00e9couverte dans Adobe Shockwave Player. Elle permet\n\u00e0 une personne malveillante distante de provoquer un d\u00e9ni de service ou\nd\u0027ex\u00e9cuter du code arbitraire. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e\nau moyen d\u0027un fichier DIR sp\u00e9cialement construit, via un navigateur\nInternet mais d\u0027autres vecteurs d\u0027exploitation sont envisageables.\n\n## Contournement provisoire\n\nCes contournements provisoires ne sont plus d\u0027actualit\u00e9, un correctif\n\u00e9tant disponible D\u00e9sactiver Shockwave Player.\n\nAfin de limiter l\u0027impact li\u00e9 \u00e0 l\u0027exploitation de cette vuln\u00e9rabilit\u00e9,\nles contournements d\u00e9crits ci-dessous, non exhaustifs, peuvent \u00eatre\nappliqu\u00e9s.\n\nRemarque : la mise en oeuvre de ces contournements de s\u00e9curit\u00e9 peut\navoir des effets de bords sur l\u0027activit\u00e9 du syst\u00e8me. Il est important de\nles tester avant tout d\u00e9ploiement.\n\n## 5.1 ActiveX pour Internet Explorer\n\nD\u00e9sactiver le contr\u00f4le ActiveX. Il faut positionner la valeur\nCompatibility Flags pour le Class Identifier comme d\u00e9crit ci-dessous :\n\n    [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}]\n    ``Compatibility Flags\u0027\u0027=dword:00000400\n\nClass Identifier \u00e0 d\u00e9sactiver :  \n\n    {233C1507-6A77-46A4-9443-F871F945D258}\n\n## 5.2 Module pour Mozilla Firefox\n\nD\u00e9sactiver le module Shockwave for Director dans le navigateur de\nMozilla Firefox :\n\n-   Dans Outils, puis Modules compl\u00e9mentaires ;\n-   s\u00e9lectionner le module Shockwave for Director et le d\u00e9sactiver.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Adobe APSB10-25 du 28 octobre 2010\npour l\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3653"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB10-25 du 28 ocotbre 2010 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
    },
    {
      "title": "Avis CERTA-2010-AVI-523 du 29 octobre 2010 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-AVI-523/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSA10-04.html du 21 octobre    2010 :",
      "url": "http://www.adobe.com/support/security/advisories/apsa10-04.html"
    }
  ],
  "reference": "CERTA-2010-ALE-016",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-10-22T00:00:00.000000"
    },
    {
      "description": "ajout du correctif.",
      "revision_date": "2010-10-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 d\u00e9couverte dans Adobe Shockwave Player permet \u00e0 un\nutilisateur de provoquer un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 Adobe Shockwave Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe du 21 octobre 2010",
      "url": null
    }
  ]
}

FKIE_CVE-2010-3653

Vulnerability from fkie_nvd - Published: 2010-10-26 18:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
psirt@adobe.com	http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb10-25.html
psirt@adobe.com	http://www.exploit-db.com/exploits/15296	Exploit
psirt@adobe.com	http://www.kb.cert.org/vuls/id/402231	US Government Resource
psirt@adobe.com	http://www.securityfocus.com/bid/44291	Exploit
psirt@adobe.com	http://www.securitytracker.com/id?1024635
psirt@adobe.com	http://www.vupen.com/english/advisories/2010/2752	Vendor Advisory
psirt@adobe.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/62688
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285
af854a3a-2127-422b-91ae-364da2661108	http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb10-25.html
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/15296	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/402231	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/44291	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024635
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2752	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/62688
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285

Impacted products

Vendor	Product	Version
adobe	shockwave_player	*
adobe	shockwave_player	1.0
adobe	shockwave_player	2.0
adobe	shockwave_player	3.0
adobe	shockwave_player	4.0
adobe	shockwave_player	5.0
adobe	shockwave_player	6.0
adobe	shockwave_player	8.0
adobe	shockwave_player	8.0.196
adobe	shockwave_player	8.0.196a
adobe	shockwave_player	8.0.204
adobe	shockwave_player	8.0.205
adobe	shockwave_player	8.5.1
adobe	shockwave_player	8.5.1.100
adobe	shockwave_player	8.5.1.103
adobe	shockwave_player	8.5.1.105
adobe	shockwave_player	8.5.1.106
adobe	shockwave_player	8.5.321
adobe	shockwave_player	8.5.323
adobe	shockwave_player	8.5.324
adobe	shockwave_player	8.5.325
adobe	shockwave_player	9.0.383
adobe	shockwave_player	9.0.432
adobe	shockwave_player	10.0.0.210
adobe	shockwave_player	10.0.1.004
adobe	shockwave_player	10.1.0.11
adobe	shockwave_player	10.1.0.011
adobe	shockwave_player	10.1.1.016
adobe	shockwave_player	10.1.4.020
adobe	shockwave_player	10.2.0.021
adobe	shockwave_player	10.2.0.022
adobe	shockwave_player	10.2.0.023
adobe	shockwave_player	11.0.0.456
adobe	shockwave_player	11.0.3.471
adobe	shockwave_player	11.5.0.595
adobe	shockwave_player	11.5.0.596
adobe	shockwave_player	11.5.1.601
adobe	shockwave_player	11.5.2.602
adobe	shockwave_player	11.5.6.606
adobe	shockwave_player	11.5.7.609

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D71F810E-F23E-45FF-94F9-14D09490D018",
              "versionEndIncluding": "11.5.8.612",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA5643BC-12F8-4F05-A363-9FC97EF1DD0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "085FA7DD-8048-4768-816C-82828022FCF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0DC258D-1C2B-4A7F-AD80-6C88A7A78A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "966A8542-E5E1-468F-989E-47F71123A426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DC1BCC0-B24B-4CFC-B3B9-FA3B0D968CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFFDAAB3-CC22-4604-80B3-4A54CCEFD29E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A77F1733-6755-44E7-8ECC-CFB397FC79A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0.196:*:*:*:*:*:*:*",
              "matchCriteriaId": "9282EC1A-DFDB-49A9-8BE1-013D9B494D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0.196a:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A8422D-39E4-490C-B3EC-FED7468D6B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0.204:*:*:*:*:*:*:*",
              "matchCriteriaId": "88A75AF4-F7BA-4CA4-8079-5D9794E1BD45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.0.205:*:*:*:*:*:*:*",
              "matchCriteriaId": "712325E1-B37A-4994-B42E-F02553A3CB9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC55CB2C-4DBC-4D16-96A7-FB3316A21D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADB5808-5F9A-4FBD-A6FC-3DB17A6C6CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1.103:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFC415B5-F7C8-4277-A4A3-ECFA2CB38515",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1.105:*:*:*:*:*:*:*",
              "matchCriteriaId": "3454FF46-3D72-4FF9-AF5B-2E948DA412D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1.106:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4726504-850B-4434-A149-09000D21F917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.321:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6D89450-C92C-4541-917B-AD047803A2AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.323:*:*:*:*:*:*:*",
              "matchCriteriaId": "798EB26B-14D6-4E90-AC84-FF47B89B82E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.324:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA562619-7FAA-4FA6-AE42-55801AF00D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.325:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA961FB2-C543-4A1C-9C9E-C56641EB13FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:9.0.383:*:*:*:*:*:*:*",
              "matchCriteriaId": "56D23F59-4939-4ABE-A5BC-283BFC362E45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:9.0.432:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE1DB962-10C6-4536-B693-4AF59F0C4D94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.0.0.210:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA60B4FB-2BA4-4304-A7B8-8F0676C4F022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.0.1.004:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7D6B993-1CF8-4944-8456-B99A72F24814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18289BB-6568-4671-BC70-C8744DD2E0C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.0.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD29AACC-E101-494B-BFD4-D97FDBE4A584",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.1.016:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F52120E-9CAB-40D9-A577-5D8278139F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.4.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAB05A7D-3017-4589-AE5C-B1A377AF02B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.2.0.021:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C665F7-E05D-4A8C-B217-6689C95D3FF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.2.0.022:*:*:*:*:*:*:*",
              "matchCriteriaId": "8441B2BB-3837-4EDE-B44E-323B434CBF56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:10.2.0.023:*:*:*:*:*:*:*",
              "matchCriteriaId": "2007F032-06BA-4347-9D9E-2C7C4C9BBCD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.0.0.456:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF19CBB1-F047-4472-A19D-48A147396383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.0.3.471:*:*:*:*:*:*:*",
              "matchCriteriaId": "C51EB3CF-6770-4626-BDA7-9ED94A374911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.0.595:*:*:*:*:*:*:*",
              "matchCriteriaId": "C61B9485-2A42-4C95-9A10-3F1102E4EBBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.0.596:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FEEF7E-B477-485A-B9BC-98F6D1A2B10B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.1.601:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4FE4A01-9357-46D9-9BCB-DF2B4DECD9B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.2.602:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B9506D5-D8CA-4845-B2FA-0E47C9BB3C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.6.606:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FBAFFFF-D658-45F0-AF14-BA29AA2D5394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:shockwave_player:11.5.7.609:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BFB28F3-ADA5-4BD1-9723-73FA291307BD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo Director (biblioteca dirapi.dll) en Shockwave Player de Adobe anterior a versi\u00f3n 11.5.9.615, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) por medio de una pel\u00edcula de Director con un fragmento rcsL dise\u00f1ado que contiene un campo cuyo valor se utiliza como un desplazamiento de puntero, como se explot\u00f3 \u201cin the wild\u201d en octubre de 2010. NOTA: algunos de estos datos se obtienen de la informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2010-3653",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-10-26T18:00:01.597",
  "references": [
    {
      "source": "psirt@adobe.com",
      "url": "http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/15296"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/402231"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/44291"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securitytracker.com/id?1024635"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2752"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62688"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/15296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/402231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/44291"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2752"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11285"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-3653 (GCVE-0-2010-3653)

GSD-2010-3653

GHSA-XXV5-9HQX-8G9Q

CERTA-2010-AVI-523

Description

Solution

CERTA-2010-AVI-523

Description

Solution

CERTA-2010-ALE-016

Description

Contournement provisoire

5.1 ActiveX pour Internet Explorer

5.2 Module pour Mozilla Firefox

Solution

CERTA-2010-ALE-016

Description

Contournement provisoire

5.1 ActiveX pour Internet Explorer

5.2 Module pour Mozilla Firefox

Solution

FKIE_CVE-2010-3653

Tags

Sightings

Nomenclature