HTTP: Adobe Shockwave Director rcsL Chunk Remote Code Execution
This signature detects attempts to exploit a known code execution vulnerability in Adobe Shockwave. It is due to an error while parsing a value from an rcsL RIFF chunk record. This value is used without validation to perform operations on heap memory. By crafting a special value, the file can be manipulated to corrupt a function pointer. A remote attacker can exploit this by enticing a user to process a malicious file. A successful attack can result in remote code execution in the security context of the logged in user.
Extended Description
Adobe Shockwave Player is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed attacks may cause a denial-of-service condition. Adobe Shockwave Player 11.5.8.612 is vulnerable; other versions may also be affected.
Affected Products
Adobe shockwave_player
Short Name
HTTP:STC:ADOBE:XFIR-RCSL
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Adobe CVE-2010-3653 CVE-2010-3655 Chunk Code Director Execution Remote Shockwave bid:44291 bid:44516 rcsL
Release Date
10/28/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3703
False Positive
Unknown
Vendors
Adobe
CVSS Score
9.3