|
|
Family: Windows --> Category: infos
ShockWave Player ActiveX Installer Buffer Overflow Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks version of ShockWave installer ActiveX control
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote Windows host has an ActiveX control that is affected by a
buffer overflow vulnerability.
Description :
The remote host contains an ActiveX control associated with
Macromedia's ShockWave Player installer that has an exploitable
stack-based buffer overflow. It may be possible for a possible hacker to
execute arbitrary code on the remote host subject to the user's
rights by tricking a user into visiting a malicious web site.
See also :
http://www.zerodayinitiative.com/advisories/ZDI-06-002.html
http://www.macromedia.com/devnet/security/security_zone/apsb06-02.html
Solution :
The vendor claims the issue occurs only in the installer so there is
no need for action.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
