Executive Summary
Summary | |
---|---|
Title | Adobe Shockwave Player Director file 'rcsL' chunk parsing vulnerability |
Informations | |||
---|---|---|---|
Name | VU#402231 | First vendor Publication | 2010-10-22 |
Vendor | VU-CERT | Last vendor Modification | 2010-10-29 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#402231Adobe Shockwave Player Director file 'rcsL' chunk parsing vulnerabilityOverviewAdobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems contain a critical vulnerability in the handling of "rcsL" chunks.I. DescriptionAdobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe Director. Shockwave Player is available as an ActiveX control for Internet Explorer and as a plug-in for other web browsers.A vulnerability has been discovered in Shockwave Player that can be exploited by an attacker to execute arbitrary code on a user's system. An attacker can create a specially crafted Adobe Director file with a specific value in an "rcsL" field causing an array-indexing error. More details are available in Adobe Security Bulletin APSA10-04. Limit access to Director files
{233C1507-6A77-46A4-9443-F871F945D258}
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{166B1BCA-3F9C-11CF-8075-444553540000}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{166B1BCA-3F9C-11CF-8075-444553540000}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{233C1507-6A77-46A4-9443-F871F945D258}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{233C1507-6A77-46A4-9443-F871F945D258}] "Compatibility Flags"=dword:00000400 Vendor Information
Referenceshttp://secunia.com/advisories/41932/ Thanks to Adobe and Secunia for reporting this vulnerability. This document was written by Michael Orlando.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/402231 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11285 | |||
Oval ID: | oval:org.mitre.oval:def:11285 | ||
Title: | Denial of service (memory corruption) via a Director movie with a crafted rcsL chunk in the Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 | ||
Description: | The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3653 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Adobe Shockwave Player |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Adobe Shockwave Director rcsL Chunk Remote Code Execution | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2010-12-09 | Name : Adobe Shockwave Player Multiple Vulnerabilities Nov-10 File : nvt/secpod_adobe_shockwave_player_mult_vuln_nov10.nasl |
2010-11-02 | Name : Adobe Shockwave player Arbitrary Code Execution Vulnerability File : nvt/gb_adobe_shockwave_player_arbitrary_code_exec_vuln_oct10.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68803 | Adobe Shockwave Player Director Module Video File rcsL chunk Memory Corruption A memory corruption flaw exists in Adobe Shockwave Player. The Director module, dirapi.dll, fails to sanitize certain user-supplied 4bytes values in an undocumented rcsL chunk resulting in memory corruption. With a specially crafted Director movie containing a crafted rcsL chunk, a context-dependent attacker can execute arbitrary code. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Adobe Shockwave Director rcsL chunk remote code execution attempt RuleID : 24280 - Revision : 5 - Type : FILE-OTHER |
2014-01-10 | Adobe Shockwave Director rcsL chunk remote code execution attempt RuleID : 24279 - Revision : 5 - Type : FILE-OTHER |
2014-01-10 | Adobe Shockwave Director rcsL chunk memory corruption attempt RuleID : 24278 - Revision : 5 - Type : FILE-OTHER |
2014-01-10 | Adobe Shockwave Director rcsL chunk memory corruption attempt RuleID : 24277 - Revision : 5 - Type : FILE-OTHER |
2014-01-10 | Adobe Shockwave Director rcsL chunk remote code execution attempt RuleID : 17807 - Revision : 15 - Type : FILE-OTHER |
2014-01-10 | Adobe Shockwave Director rcsL chunk remote code execution attempt RuleID : 17806 - Revision : 15 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-22 | Name : The remote Mac OS X host contains a web browser plugin that is affected by mu... File : macosx_shockwave_player_apsb10-25.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote Windows host contains a web browser plugin that is affected by mul... File : shockwave_player_apsb10-25.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-12-23 13:26:47 |
|
2014-02-17 12:07:48 |
|