Peter Vreugdenhil has reported a vulnerability in Macromedia ShockWave Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the Installer ActiveX control. This can be exploited to cause a stack-based buffer overflow via overly long values passed in two specific parameters to the control.
Successful exploitation allows arbitrary code execution, but requires that the user is e.g. tricked into visiting a malicious web site that prompts the user to install Shockwave Player.
The vulnerability has been reported in versions 10.1.0.11 and prior.
NOTE: The vendor has reported that the vulnerability occurs only during the installation process, and no action needs to be taken by current users.
Solution: Only install ShockWave Player directly from the vendor's web site.
Provided and/or discovered by: Peter Vreugdenhil
Original Advisory: Macromedia:
3Com's Zero Day Initiative:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Macromedia ShockWave Player ActiveX Installer Buffer Overflow
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.