Buffer Overflow in Macromedia's Flash Player 6.0 ActiveX Control

Reported May 3, 2002, by eEye Digital Security.

VERSION AFFECTED

· Macromedia's Flash Player 6.0 ActiveX Control

 

DESCRIPTION
A buffer overflow condition exists in Macromedia's Flash Player 6.0 ActiveX Control. An attacker can use this vulnerability to execute code through email, a Web site, or any other means by which Microsoft Internet Explorer (IE) displays HTML. eEye's advisory gives a detailed explanation of this vulnerability.

 

DEMONSTRATION

eEye Digital Security provided the following example as proof-of-concept:

 

<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000">
<PARAM NAME=movie
VALUE="http://www.notthere8979873.com/notthere.swf?AAA[...unstated, but fixed number]XXXXXXXX">
</OBJECT>

 

Here, the X characters overwrite EIP consistently across Windows platforms.
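
On the defensive side, a mail gateway or Web proxy can flag HTML that embeds the Flash ActiveX control with an implausibly long movie URL, which is the shape of the demonstration above. The following is an added example, not code from eEye or Macromedia; the 256-character threshold and the names FlashMovieScanner, scan_html and sample_page are assumptions, since the advisory does not state the overflow length.

```python
from html.parser import HTMLParser

# CLSID of the Flash Player ActiveX control, as shown in the demonstration above.
FLASH_CLSID = "clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
# Assumed threshold: the advisory does not state the overflow length, so this
# is a tuning value for "implausibly long movie URL", not the real boundary.
MAX_MOVIE_LEN = 256


class FlashMovieScanner(HTMLParser):
    """Collect over-long movie PARAM values inside Flash ActiveX OBJECT elements."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.depth = 0       # nesting depth inside a Flash OBJECT element
        self.findings = []   # (length, first 60 chars) of each suspicious value

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "object":
            if self.depth or a.get("classid", "").strip().lower() == FLASH_CLSID:
                self.depth += 1
        elif tag == "param" and self.depth and a.get("name", "").strip().lower() == "movie":
            value = a.get("value", "")
            if len(value) > MAX_MOVIE_LEN:
                self.findings.append((len(value), value[:60]))

    def handle_endtag(self, tag):
        if tag == "object" and self.depth:
            self.depth -= 1


def scan_html(html):
    """Return a list of (length, preview) for over-long Flash movie URLs in html."""
    scanner = FlashMovieScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def sample_page(url, clsid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"):
    # Constructed sample input that mirrors the tag layout of the demonstration.
    return ('<OBJECT classid="%s">\n<PARAM NAME=movie\nVALUE="%s">\n</OBJECT>'
            % (clsid, url))


if __name__ == "__main__":
    print(scan_html(sample_page("http://example.invalid/intro.swf")))
    print(scan_html(sample_page("http://example.invalid/intro.swf?" + "A" * 1000)))
```

A hit only means the page deserves inspection or blocking; the fix remains the updated player noted under VENDOR RESPONSE.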

 

VENDOR RESPONSE

Macromedia has released an updated version of Shockwave Flash that addresses this vulnerability.

 

CREDIT
Discovered by Drew Copley and eEye Digital Security.
