- Buffer overflow in Shockwave player -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, 27 February 2006 - A vulnerability has been reported in the
Macromedia Shockwave player (Adobe), which could be used by remote
attackers to execute arbitrary code on affected systems.

The problem lies in the installation process of the player,
specifically in an ActiveX control (CLSID
166B1BCA-3F9C-11CF-8075-444553540000) that contains a buffer overflow
vulnerability. A remote attacker could create a web page with Shockwave
content which, when loaded by the user, would prompt the user to install
the player and at the same time execute malicious code.

It has been confirmed that two parameters, which have not been detailed,
could be used to exploit the vulnerability. The company itself has
classified the problem as critical and has published the corresponding
update. As only the installer is affected, current users of Macromedia
Shockwave Player are not affected. Users that download and install the
latest version of Shockwave Player are not vulnerable.

Adobe has reported the problem and provides a solution at: