Detections
Analytics
ShockWave Player ActiveX Installer Buffer Overflow
high Nessus Plugin ID 20975
Synopsis
The remote Windows host has an ActiveX control that is affected by a buffer overflow vulnerability.Description
The remote host contains an ActiveX control associated with Macromedia's ShockWave Player installer that has an exploitable stack-based buffer overflow. It may be possible for an attacker to execute arbitrary code on the remote host subject to the user's privileges by tricking a user into visiting a malicious website.Solution
The vendor claims the issue occurs only in the installer and that there is no need for action.See Also
https://www.zerodayinitiative.com/advisories/ZDI-06-002/
http://www.macromedia.com/devnet/security/security_zone/apsb06-02.html
Plugin Details
Severity: High
ID: 20975
File Name: shockwave_player_activex_overflow.nasl
Version: 1.20
Type: local
Agent: windows
Family: Windows
Published: 2/25/2006
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:adobe:shockwave_player
Required KB Items: SMB/Registry/Enumerated
Exploit Ease: No known exploits are available
Patch Publication Date: 2/23/2006
Vulnerability Publication Date: 2/23/2006
Reference Information
CVE: CVE-2005-3525
BID: 16791