Signature Detail

HTTP: Macromedia Flash ActiveX Buffer Overflow

This signature detects attempts to download a malicious Macromedia Flash document. Attackers can send a maliciously crafted Flash document and manipulate an ActiveX control to execute arbitrary shellcode on the host.

Extended Description

Macromedia produces an ActiveX plugin version of the Flash Player, designed to work with Microsoft Internet Explorer. A vulnerability has been reported in some versions of this component. A buffer overflow exists in the parameter handling of this component. If an oversized parameter is including in the URI passed to the ActiveX component, process memory is corrupted. Exploitation of this vulnerability may result in arbitrary code execution when a malicious web page is viewed. It may be possible to exploit this vulnerability through HTML formatted email, this has not however been confirmed.

Affected Products

• Macromedia Flash 6.0.0

References

• BugTraq: 4664
• CVE: CVE-2002-0605
• URL: http://www.macromedia.com/support/flash/ts/documents/buf_ovflow_623.htm
• URL: http://www.eeye.com/html/Research/Advisories/AD20020502.html