Reported May 3, 2002, by eEye Digital Security.
· Macromedia's Flash Player 6.0 ActiveX Control
A buffer overflow condition exists in Macromedia's Flash Player 6.0 ActiveX Control. An attacker can exploit this vulnerability to execute code through email, a Web site, or any other means by which Microsoft Internet Explorer (IE) displays HTML. eEye’s advisory gives a detailed explanation of this vulnerability.
eEye Digital Security provided the following example as proof-of-concept:
Where X overwrites the EIP consistently across Windows platforms.
Macromedia has released an updated version of Shockwave Flash that addresses this vulnerability.
Discovered by Drew Copley and eEye Digital Security.