
HTTP Adobe Shockwave Version ActiveX DoS

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a buffer-overflow vulnerability in Adobe Shockwave Player ActiveX Control.

Additional Information

The ActiveX control with a CLSID of {233C1507-6A77-46A4-9443-F871F945D258} is prone to a denial-of-service issue because the application fails to properly bounds-check user-supplied data. Specifically, a buffer overflow occurs in the 'ShockwaveVersion' function. An attacker could trigger the issue by supplying an overly long argument to the function.
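A content check built from the two indicators named above, as an added example (it is not Symantec's signature logic): it flags an HTTP response body that loads this CLSID and calls `ShockwaveVersion` with an oversized string literal. The `inspect_body` helper, the 1024-character threshold and the sample bodies are assumptions made for illustration.

```python
import re

# CLSID and method name come from the advisory text above.
CLSID = "233C1507-6A77-46A4-9443-F871F945D258"
METHOD = "ShockwaveVersion"
# Assumption: the advisory gives no length; 1024 is an arbitrary triage threshold.
MAX_ARG_LEN = 1024

# Matches classid="clsid:..." or a braced/bare CLSID anywhere in the body.
CLSID_RE = re.compile(r"\{?" + re.escape(CLSID) + r"\}?", re.I)
# A call to the method, capturing the raw argument text.
CALL_RE = re.compile(r"\." + METHOD + r"\s*\(([^)]*)\)", re.I)
# An argument that is exactly one quoted string literal.
LITERAL_RE = re.compile(r"""(["'])([^"']*)\1""")


def inspect_body(body: str) -> dict:
    """Classify one HTTP response body (hypothetical helper)."""
    has_clsid = bool(CLSID_RE.search(body))
    calls = CALL_RE.findall(body)
    longest, dynamic = 0, False
    for arg in calls:
        m = LITERAL_RE.fullmatch(arg.strip())
        if m:
            longest = max(longest, len(m.group(2)))
        elif arg.strip():
            dynamic = True  # variable or expression: length unknown statically
    if has_clsid and longest > MAX_ARG_LEN:
        verdict = "alert"   # control loaded and called with an oversized literal
    elif has_clsid and dynamic:
        verdict = "review"  # argument built at run time; needs emulation or manual triage
    else:
        verdict = "clean"
    return {"clsid": has_clsid, "calls": len(calls),
            "longest_literal": longest, "verdict": verdict}


# Constructed sample bodies (not captured traffic).
OBJ = '<object id="sw" classid="clsid:%s"></object>' % CLSID
SAMPLES = {
    "short_literal": OBJ + '<script>sw.ShockwaveVersion("10.2");</script>',
    "long_literal": OBJ + '<script>sw.ShockwaveVersion("' + "A" * 5000 + '");</script>',
    "runtime_arg": OBJ + '<script>sw.ShockwaveVersion(buf);</script>',
    "no_control": '<script>player.ShockwaveVersion("' + "A" * 5000 + '");</script>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, inspect_body(body))
```

The "review" verdict exists because a static literal check cannot see the length of an argument assembled by script at run time.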

Affected

  • Adobe Shockwave Player 10.2 023