TITLE: Macromedia ShockWave Player ActiveX Installer Buffer Overflow SECUNIA ADVISORY ID: SA19009 VERIFY ADVISORY: http://secunia.com/advisories/19009/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Shockwave Player 10.x http://secunia.com/product/4909/ Shockwave Player 8.x http://secunia.com/product/2479/ Shockwave Player 9.x http://secunia.com/product/2480/ DESCRIPTION: Peter Vreugdenhil has reported a vulnerability in Macromedia ShockWave Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the Installer ActiveX control. This can be exploited to cause a stack-based buffer overflow via overly long values passed in two specific parameters to the control. Successful exploitation allows arbitrary code execution, but requires that the user is e.g. tricked into visiting a malicious web site that prompts the user to install Shockwave Player. The vulnerability has been reported in versions 10.1.0.11 and prior. NOTE: The vendor has reported that the vulnerability occurs only during the installation process, and no action needs to be taken by current users. SOLUTION: Only install ShockWave Player directly from the vendor's web site. PROVIDED AND/OR DISCOVERED BY: Peter Vreugdenhil ORIGINAL ADVISORY: Macromedia: http://www.macromedia.com/devnet/security/security_zone/apsb06-02.html 3Com's Zero Day Initiative: http://www.zerodayinitiative.com/advisories/ZDI-06-002.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------