Macromedia ShockWave Player ActiveX Installer Buffer Overflow
A new vulnerability has been discovered in Macromedia's
Shockwave Player that occurs only during install processing. Never install
software received by email, as virus writers may try to exploit this new
vulnerability. Always install software directly from the vendor's web site.
Macromedia ShockWave Player ActiveX Installer Buffer Overflow
http://secunia.com/advisories/19009/
Description: The vulnerability is caused by a boundary
error in the Installer ActiveX control. This can be exploited to cause a
stack-based buffer overflow via overly long values passed in two specific
parameters to the control. Successful exploitation allows arbitrary code
execution, but requires that the user is, for example,
tricked into visiting a malicious web site that prompts the user to install
Shockwave Player. The vulnerability has been reported in
versions 10.1.0.11 and prior.
Workaround: The vendor has reported that the vulnerability
occurs only during the installation process, and no action needs to be taken by
current users.
Solution: Only install ShockWave Player directly from the
vendor's web site.