The ActiveX installer for Adobe Macromedia Shockwave contains a buffer overflow, which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system.
Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia Director. Shockwave Player is available as an ActiveX control for Internet Explorer and as a plug-in for other web browsers.
By convincing a user to view a specially crafted HTML document (for example, a web page) and to accept the Shockwave Player ActiveX installer prompt, an attacker may be able to execute arbitrary code with the privileges of the user.
Do not install ActiveX controls from untrusted web sites
This vulnerability was disclosed by Adobe, who in turn credit Zero Day Initiative with reporting the vulnerability.
This document was written by Will Dormann.
|Date First Published:||2006-02-28|
|Date Last Updated:||2006-02-28 18:57 UTC|