HTTP: Macromedia Flash ActiveX Invalid src Param

This signature detects attempts to download a Web page containing code that executes a malicious Macromedia Flash document. Attackers can send a maliciously crafted Flash document and manipulate an ActiveX control to execute arbitrary shellcode on the host.

Extended Description

Macromedia produces an ActiveX plugin version of the Flash Player, designed to work with Microsoft Internet Explorer. A vulnerability has been reported in some versions of this component: a buffer overflow exists in its parameter handling. If an oversized parameter is included in the URI passed to the ActiveX component, process memory is corrupted. Exploitation of this vulnerability may result in arbitrary code execution when a malicious web page is viewed. It may be possible to exploit this vulnerability through HTML-formatted email; however, this has not been confirmed.

Affected Products

Macromedia flash

Short Name
HTTP:STC:SWF:PHPEXEC
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
ActiveX CVE-2002-0605 Flash Invalid Macromedia Param bid:4664 src
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Macromedia

CVSS Score

7.5
