TITLE:
Macromedia ShockWave Player ActiveX Installer Buffer Overflow

SECUNIA ADVISORY ID:
SA19009

VERIFY ADVISORY:
http://secunia.com/advisories/19009/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Shockwave Player 10.x
http://secunia.com/product/4909/
Shockwave Player 8.x
http://secunia.com/product/2479/
Shockwave Player 9.x
http://secunia.com/product/2480/

DESCRIPTION:
Peter Vreugdenhil has reported a vulnerability in Macromedia
ShockWave Player, which can be exploited by malicious people to
compromise a user's system.

The vulnerability is caused due to a boundary error in the Installer
ActiveX control. This can be exploited to cause a stack-based buffer
overflow via overly long values passed in two specific parameters to
the control.

Successful exploitation allows arbitrary code execution, but requires
that the user is e.g. tricked into visiting a malicious web site that
prompts the user to install Shockwave Player.

The vulnerability has been reported in versions 10.1.0.11 and prior.

NOTE: The vendor has reported that the vulnerability occurs only
during the installation process, and no action needs to be taken by
current users.

SOLUTION:
Only install ShockWave Player directly from the vendor's web site.

PROVIDED AND/OR DISCOVERED BY:
Peter Vreugdenhil

ORIGINAL ADVISORY:
Macromedia:
http://www.macromedia.com/devnet/security/security_zone/apsb06-02.html

3Com's Zero Day Initiative:
http://www.zerodayinitiative.com/advisories/ZDI-06-002.html