Vulnerability Note VU#437212
Adobe Macromedia Shockwave Player ActiveX installer buffer overflow vulnerability
The ActiveX installer for Adobe Macromedia Shockwave contains a buffer overflow, which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system.
Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia Director. Shockwave Player is available as an ActiveX control for Internet Explorer and as a plug-in for other web browsers.
By convincing a user to view a specially crafted HTML document (for example, a web page) and to accept the Shockwave Player ActiveX installer prompt, an attacker may be able to execute arbitrary code with the privileges of the user.
Do not install ActiveX controls from untrusted web sites
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Adobe||Affected||-||28 Feb 2006|
CVSS Metrics (Learn More)
This vulnerability was disclosed by Adobe, who in turn credit Zero Day Initiative with reporting the vulnerability.
This document was written by Will Dormann.
- CVE IDs: CVE-2005-3525
- Date Public: 23 Feb 2006
- Date First Published: 28 Feb 2006
- Date Last Updated: 28 Feb 2006
- Severity Metric: 3.88
- Document Revision: 9
If you have feedback, comments, or additional information about this vulnerability, please send us email.