Microsoft Office Shockwave Flash Object Remote Code Execution Vulnerability

vendor:

Office

by:

SecurityFocus

9.3

CVSS

HIGH

Remote Code Execution

CWE

Product Name: Office

Affected Version From: Microsoft Office 2003

Affected Version To: Microsoft Office 2003

Patch Exists: YES

Related CWE: CVE-2005-1790

CPE: a:microsoft:office

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 2003 SP1, Windows XP Professional Edition SP1 and SP2, Windows 2000 Professional

2005

Microsoft Office Shockwave Flash Object Remote Code Execution Vulnerability

Microsoft Office is prone to a weakness that may allow remote attackers to execute arbitrary script code contained in Shockwave Flash Objects without first requiring confirmation from users. A successful attack may allow attackers to access sensitive information and potentially execute malicious commands on a vulnerable computer.

Mitigation:

Users should ensure that they are running the latest version of Microsoft Office and that all security patches have been applied.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/18583/info

Microsoft Office is prone to a weakness that may allow remote attackers to execute arbitrary script code contained in Shockwave Flash Objects without first requiring confirmation from users.

A successful attack may allow attackers to access sensitive information and potentially execute malicious commands on a vulnerable computer.

The researcher responsible for discovering this issue has indicated that it presents itself on Windows 2003 SP1, Windows XP Professional Edition SP1 and SP2 running Microsoft Office 2003, and Windows 2000 Professional running Microsoft Office 2003. Other versions may be vulnerable as well.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/28087.zip