Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3525

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2005-3525
Last Modified 07 Mar 2011 09:26:43
Published 31 Dec 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3525

Summary

Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters.

Vulnerable Systems

Application

  • Adobe Shockwave Player 1.0

  • Adobe Shockwave Player 10.1.0.11

  • Adobe Shockwave Player 2.0

  • Adobe Shockwave Player 3.0

  • Adobe Shockwave Player 4.0

  • Adobe Shockwave Player 5.0

  • Adobe Shockwave Player 6.0

  • Adobe Shockwave Player 8.0

  • Adobe Shockwave Player 8.5.1


References

CERT-VN - VU#437212

XF - shockwave-activex-installer-bo(24914)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-06-002.html

VUPEN - ADV-2006-0716

BID - 16791

BUGTRAQ - 20060223 ZDI-06-002: Adobe Macromedia ShockWave Code Execution

OSVDB - 23461

CONFIRM - http://www.macromedia.com/devnet/security/security_zone/apsb06-02.html

SECTRACK - 1015673

SECUNIA - 19009

SREASON - 481


Last Updated: 27 May 2016 10:40:57