copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » By Operating... » Windows (all) » ESB-2006.0147 -- [Win] -- APSB06-02 Improper Memory ...
 

ESB-2006.0147 -- [Win] -- APSB06-02 Improper Memory Access Vulnerability in Shockwave Player ActiveX installer
Date: 27 February 2006

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                          ESB-2006.0147 -- [Win]
        APSB06-02 Improper Memory Access Vulnerability in Shockwave
                         Player ActiveX installer
                             27 February 2006

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Macromedia Shockwave Player 10.1.0.11 and prior
Publisher:         Adobe
Operating System:  Windows
Impact:            Execute Arbitrary Code/Commands
Access:            Remote/Unauthenticated
CVE Names:         CVE-2005-3525

Original Bulletin: 
  http://www.macromedia.com/devnet/security/security_zone/apsb06-02.html
  http://www.zerodayinitiative.com/advisories/ZDI-06-002.html

Comment: Remote exploitation may be possible when a user without
         Shockwave Player installed visits a malicious website that
         initiates installation of Shockwave and provides the vulnerable
         signed ActiveX control.
         
         To guard against this possibility, system administrators may wish to
         block instantiation of the vulnerable ActiveX control, which has
         CLSID 166B1BCA-3F9C-11CF-8075-444553540000
         Instructions for doing this are provided at the following URL:
         http://support.microsoft.com/kb/240797

- --------------------------BEGIN INCLUDED TEXT--------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Adobe Security Bulletin:
- - Macromedia Shockwave Player 10.1.0.11 and earlier
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

APSB06-02 Improper Memory Access Vulnerability in Shockwave
Player ActiveX installer

Originally posted: February 23, 2006

CVE Number:
CVE-2005-3525

Platform:
Windows

Summary:
A vulnerability in the Shockwave Player ActiveX installer
has been identified that could allow the execution of
arbitrary code.

Solution:
Adobe has fixed the issue in the Shockwave Player ActiveX
installer.  Since the vulnerability occurs in the installer,
no action needs to be taken by current Macromedia Shockwave
Player by Adobe customers. Customers downloading and
installing the latest Shockwave Player are also no longer
vulnerable with the updated Shockwave Player ActiveX
installer.

Affected Software Versions:
Shockwave Player 10.1.0.11 and earlier

Severity Rating:
Adobe categorizes this as a critical update.

Details:
During the installation process, malicious code on a website
with Shockwave content could have taken advantage of a
buffer overflow to allow the execution of arbitrary code.
For an attacker to exploit the vulnerability, users would
have been directed to a page including malicious code that
prompted the user to install Shockwave Player. Since the
vulnerability occurs during the install process, no action
needs to be taken by current Macromedia Shockwave Player by
Adobe customers. Customers downloading and installing the
latest Shockwave Player are also no longer vulnerable with
the updated Shockwave Player ActiveX installer.

Acknowledgements:
Adobe would like to thank the Zero Day Initiative, founded
by TippingPoint, a division of 3Com, for reporting the
improper memory access vulnerability and for working with
us to help protect our customers' security.

Revisions:
February 23, 2006  Bulletin first created.

Reporting Security Issues:
Adobe is committed to addressing security issues and
providing customers with the information on how they can
protect themselves. If you identify what you believe may be
a security issue with an Adobe product, please send an email
to PSIRT@adobe.com. We will work to appropriately address
and communicate the issue.

Receiving Security Bulletins:
When Adobe becomes aware of a security issue that we believe
significantly affects our products or customers, we will
notify customers when appropriate. Typically this
notification will be in the form of a security bulletin
explaining the issue and the response. Adobe customers who
would like to receive notification of new security bulletins
when they are released can sign up for our security
notification service.

For additional information on security issues at Adobe,
please visit: http://www.macromedia.com/security.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ANY INFORMATION, PATCHES, DOWNLOADS, WORKAROUNDS, OR FIXES 
PROVIDED BY ADOBE IN THIS BULLETIN ARE PROVIDED "AS IS" 
WITHOUT WARRANTY OF ANY KIND. ADOBE AND ITS SUPPLIERS 
DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED OR 
OTHERWISE, INCLUDING THE WARRANTIES OF MERCHANTABILITY 
AND FITNESS FOR A PARTICULAR PURPOSE. ALSO, THERE IS NO 
WARRANTY OF NON-INFRINGEMENT, TITLE, OR QUIET ENJOYMENT. 
(USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OF 
IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY 
TO YOU. IN NO EVENT SHALL ADOBE, INC. OR ITS SUPPLIERS BE 
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT 
LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, 
SPECIAL, PUNITIVE, COVER, LOSS OF PROFITS, BUSINESS 
INTERRUPTION, OR THE LIKE, OR LOSS OF BUSINESS DAMAGES, 
BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF 
CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), 
PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADOBE, INC. OR ITS 
SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN ADVISED OF 
THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY) SOME STATES 
DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR 
CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE EXCLUSION 
OR LIMITATION MAY NOT APPLY TO YOU AND YOU MAY ALSO HAVE 
OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE. 

Adobe reserves the right, from time to time, to update 
the information in this document with current information.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRAJ0gyh9+71yA2DNAQInMgP/QRW0Fe1rkwcSSV5GT6BVur9zSjp1H2C5
kA9c6HkhwcbaOi9MmRRx8ZZ3vT8pvcjocVCXfbXSZJiYQVKusa0fUTMwU6/jdapG
l4+l0aMXfvhf+OQQsHGHY7JLv8uYQd0GQo2Fe/nsV6N5B+tw1hYUkUjJ8uubfE2K
2YjG8QMfL7c=
=3VM3
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/6064