OSVDB ID: 23461

Title: Macromedia ShockWave Player ActiveX Installer Overflow

Info

Dates

Disclosure: Feb 23, 2006
Discovery: Unknown
Exploit: Feb 21, 2006
Solution: Unknown

Description

A remote overflow exists in the Shockwave Player ActiveX Installer. The product fails to perform boundary checks on two unspecified values when using CLSID 166B1BCA-3F9C-11CF-8075-444553540000, resulting in a stack-based buffer overflow. With a specially crafted request to a site hosting malicious Shockwave content during the installation procedure, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public, Exploit Private
Disclosure: OSVDB Verified

Solution

This flaw was fixed in the 2006-02-23 release without a change in version number.

Products

Vendor: Adobe Systems Incorporated
Product: Shockwave Player ActiveX Installer
Version: 10.1.0.11

References

Credit

  • Peter Vreugdenhil

Direct URL: http://osvdb.org/36218