1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Macromedia Flash ActiveX DOS

HTTP Macromedia Flash ActiveX DOS

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a denial of service attack caused by passing specially crafted arguments into method of the Macromedia Flash ActiveX control.

Additional Information

Macromedia Flash is prone to a denial-of-service vulnerability.

The ActiveX control with a CLSID of {D27CDB6E-AE6D-11CF-96B8-444553540000} from the 'Flash8b.ocx' COM object is prone to a denial-of-service issue. Specifically, when the 'Flash8b.AllowScriptAccess' method of this control is called with an argument consisting of an excessively long string, this issue will be triggered.

An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control.

Macromedia Flash 8 is vulnerable to this issue; other versions may also be affected.

Affected

  • Macromedia Flash 8.0, 8.0.33.0, 8.0.22.0, 8.0.24.0
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube