Adobe Shockwave Player Arbitrary Code Execution Vulnerability Network Vulnerability

Summary

This host has Adobe Shockwave Player installed and is prone to arbitrary code execution vulnerability.

Impact

Successful attack could allow attackers to execute arbitrary code in the context of the user running the affected application, failed attacks may cause a denial-of-service condition. Impact Level: System/Application

Solution

Upgrade to Adobe Shockwave Player version 11.5.9.615, For updates refer to http://get.adobe.com/shockwave/otherversions/

Insight

The flaw is due to a memory corruption error in the Director (DIRAPI.dll) module when processing and calculating offsets while parsing 'rcsL' chunks in a Director file.

Affected

Adobe Shockwave Player 11.5.8.612 and prior on Windows.

References

http://www.exploit-db.com/exploits/15296/
http://www.vupen.com/english/advisories/2010/2752

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3653

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities - Mac OS X
Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)

Adobe Shockwave player Arbitrary Code Execution Vulnerability

Take action and discover your vulnerabilities