Macromedia Shockwave 10 SWDIR.DLL Multiple ActiveX Control Remote Denial of Service Vulnerabilities
BID:22842
Info
Macromedia Shockwave 10 SWDIR.DLL Multiple ActiveX Control Remote Denial of Service Vulnerabilities
| Bugtraq ID: | 22842 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2007-1403 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 06 2007 12:00AM |
| Updated: | May 12 2015 07:33PM |
| Credit: | shinnai <[email protected]> discovered these vulnerabilities. |
| Vulnerable: |
Macromedia Shockwave 10.1.4 .20 |
| Not Vulnerable: | |
Discussion
Macromedia Shockwave 10 SWDIR.DLL Multiple ActiveX Control Remote Denial of Service Vulnerabilities
Macromedia Shockwave is prone to multiple denial-of-service vulnerabilities.
Attackers can exploit these issues to trigger denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control. Given the nature of these issues, attackers may also be able to execute code, but this has not been confirmed.
Macromedia Shockwave 10.1.4.20 is vulnerable to these issues; other versions may also be affected.
Macromedia Shockwave is prone to multiple denial-of-service vulnerabilities.
Attackers can exploit these issues to trigger denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control. Given the nature of these issues, attackers may also be able to execute code, but this has not been confirmed.
Macromedia Shockwave 10.1.4.20 is vulnerable to these issues; other versions may also be affected.
Exploit / POC
Macromedia Shockwave 10 SWDIR.DLL Multiple ActiveX Control Remote Denial of Service Vulnerabilities
An example exploit is available:
An example exploit is available:
Solution / Fix
Macromedia Shockwave 10 SWDIR.DLL Multiple ActiveX Control Remote Denial of Service Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Macromedia Shockwave 10 SWDIR.DLL Multiple ActiveX Control Remote Denial of Service Vulnerabilities
References:
References:
- Macromedia Homepage (Macromedia)
- Microsoft Knowledge Base Article 240797 (Microsoft)