Handling Adobe Shockwave Player Vulnerability CVE-2010-3653

Exploit code now exists for Adobe Shockwave player vulnerability CVE-2010-3653. Adobe hasn’t released an update for us to deploy, and other than disabling the Adobe Shockwave player itself, there is no other known workaround. So for now we will have to use any IPS signatures we get to protect ourselves until Adobe releases a patched version of the Shockwave player.

References:
http://www.adobe.com/support/security/advisories/apsa10-04.html
http://threatpost.com/en_us/blogs/attack-code-published-adobe-shockwave-zero-day-102110
http://www.exploit-db.com/exploits/15296/

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

Share

Leave a Reply