| Vulnerability Name: | CVE-2005-3525 (CCN-24914) | ||||||||
| Assigned: | 2005-12-31 | ||||||||
| Published: | 2005-12-31 | ||||||||
| Updated: | 2018-10-19 | ||||||||
| Summary: | Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters. | ||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Thu Feb 23 2006 - 10:35:18 CST ZDI-06-002: Adobe Macromedia ShockWave Code Execution Source: MITRE Type: CNA CVE-2005-3525 Source: CCN Type: SA19009 Macromedia ShockWave Player ActiveX Installer Buffer Overflow Source: SECUNIA Type: Vendor Advisory 19009 Source: SREASON Type: UNKNOWN 481 Source: CCN Type: SECTRACK ID: 1015673 Shockwave Player Buffer Overflow in ActiveX Installer Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1015673 Source: CCN Type: US-CERT VU#437212 Adobe Macromedia Shockwave Player ActiveX installer buffer overflow vulnerability Source: CERT-VN Type: US Government Resource VU#437212 Source: CCN Type: Adobe Security Bulletin APSB06-02 Improper Memory Access Vulnerability in Shockwave Player ActiveX installer Source: CONFIRM Type: UNKNOWN http://www.macromedia.com/devnet/security/security_zone/apsb06-02.html Source: OSVDB Type: UNKNOWN 23461 Source: CCN Type: OSVDB ID: 23461 Macromedia ShockWave Player ActiveX Installer Overflow Source: BUGTRAQ Type: UNKNOWN 20060223 ZDI-06-002: Adobe Macromedia ShockWave Code Execution Source: BID Type: UNKNOWN 16791 Source: CCN Type: BID-16791 Macromedia Shockwave Player ActiveX Control Buffer Overflow Vulnerability Source: VUPEN Type: UNKNOWN ADV-2006-0716 Source: MISC Type: UNKNOWN http://www.zerodayinitiative.com/advisories/ZDI-06-002.html Source: XF Type: UNKNOWN shockwave-activex-installer-bo(24914) Source: XF Type: UNKNOWN shockwave-activex-installer-bo(24914) Source: CCN Type: ZDI-06-002 Adobe Macromedia ShockWave Code Execution | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||