Adobe Shockwave Player installs Xtras that are signed by Adobe or Macromedia without prompting, which can allow an attacker to target vulnerabilities in older Xtras.
Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe Director. Shockwave Player is available as an ActiveX control for Internet Explorer and as a plug-in for other web browsers. Shockwave is also available in "Full" and "Slim" installers. The "Slim" installer provides fewer Xtras.
When a Shockwave movie attempts to use an Xtra, it will download and install it as necessary. If the Xtra is signed by Adobe or Macromedia, it will be installed automatically without any user interaction. Because the location from which Shockwave downloads the Xtra is stored in the Shockwave movie itself, this can allow an attacker to host old, vulnerable Xtras that can be installed and exploited automatically when a Shockwave movie is played.
By convincing a user to view a specially crafted Shockwave content (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.
We are currently unaware of a practical solution to this problem. Please consider the following workarounds:
Limit access to Director files
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
|Date First Published:||2012-12-17|
|Date Last Updated:||2014-07-24 20:37 UTC|