Adobe · Shockwave Player · CVE-2010-3653
**Name of the Vulnerable Software and Affected Versions**
Adobe Shockwave Player versions prior to 11.5.9.615
**Description**
The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption. This can be achieved via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset. The issue has been exploited in the wild.
**Recommendations**
For versions prior to 11.5.9.615, update to version 11.5.9.615 or later to resolve the issue. As a temporary workaround, consider restricting the use of Director movies from untrusted sources until the update is applied.