CVE-2005-3525 - OpenCVE

Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Adobe	Shockwave Player

Configuration 1 [-]

OR	cpe:2.3:a:adobe:shockwave_player:1.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:2.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:3.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:4.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:5.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:6.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:8.0:::::::*
	cpe:2.3:a:adobe:shockwave_player:8.5.1:::::::*
	cpe:2.3:a:adobe:shockwave_player:10.1.0.11:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/19009
http://securityreason.com/securityalert/481
http://securitytracker.com/id?1015673
http://www.kb.cert.org/vuls/id/437212
http://www.macromedia.com/devnet/security/security_zone/apsb06-02.html
http://www.osvdb.org/23461
http://www.securityfocus.com/archive/1/425900/100/0/threaded
http://www.securityfocus.com/bid/16791
http://www.vupen.com/english/advisories/2006/0716
http://www.zerodayinitiative.com/advisories/ZDI-06-002.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/24914

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-02-23T20:00:00

Updated: 2024-08-07T23:17:23.056Z

Reserved: 2005-11-08T00:00:00

Link: CVE-2005-3525

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-12-31T05:00:00.000

Modified: 2018-10-19T15:36:51.047

Link: CVE-2005-3525

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-02-23T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "23461", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/23461"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.macromedia.com/devnet/security/security_zone/apsb06-02.html"}, {"name": "16791", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16791"}, {"name": "481", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/481"}, {"name": "ADV-2006-0716", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0716"}, {"name": "shockwave-activex-installer-bo(24914)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24914"}, {"name": "19009", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19009"}, {"name": "VU#437212", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/437212"}, {"name": "20060223 ZDI-06-002: Adobe Macromedia ShockWave Code Execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/425900/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-002.html"}, {"name": "1015673", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015673"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3525", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "23461", "refsource": "OSVDB", "url": "http://www.osvdb.org/23461"}, {"name": "http://www.macromedia.com/devnet/security/security_zone/apsb06-02.html", "refsource": "CONFIRM", "url": "http://www.macromedia.com/devnet/security/security_zone/apsb06-02.html"}, {"name": "16791", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16791"}, {"name": "481", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/481"}, {"name": "ADV-2006-0716", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0716"}, {"name": "shockwave-activex-installer-bo(24914)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24914"}, {"name": "19009", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19009"}, {"name": "VU#437212", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/437212"}, {"name": "20060223 ZDI-06-002: Adobe Macromedia ShockWave Code Execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/425900/100/0/threaded"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-002.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-002.html"}, {"name": "1015673", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015673"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T23:17:23.056Z"}, "title": "CVE Program Container", "references": [{"name": "23461", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/23461"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.macromedia.com/devnet/security/security_zone/apsb06-02.html"}, {"name": "16791", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/16791"}, {"name": "481", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/481"}, {"name": "ADV-2006-0716", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0716"}, {"name": "shockwave-activex-installer-bo(24914)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24914"}, {"name": "19009", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19009"}, {"name": "VU#437212", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/437212"}, {"name": "20060223 ZDI-06-002: Adobe Macromedia ShockWave Code Execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/425900/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-002.html"}, {"name": "1015673", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015673"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3525", "datePublished": "2006-02-23T20:00:00", "dateReserved": "2005-11-08T00:00:00", "dateUpdated": "2024-08-07T23:17:23.056Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:shockwave_player:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BA5643BC-12F8-4F05-A363-9FC97EF1DD0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "085FA7DD-8048-4768-816C-82828022FCF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E0DC258D-1C2B-4A7F-AD80-6C88A7A78A5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "966A8542-E5E1-468F-989E-47F71123A426", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4DC1BCC0-B24B-4CFC-B3B9-FA3B0D968CC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFFDAAB3-CC22-4604-80B3-4A54CCEFD29E", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77F1733-6755-44E7-8ECC-CFB397FC79A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:8.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC55CB2C-4DBC-4D16-96A7-FB3316A21D51", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:shockwave_player:10.1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D18289BB-6568-4671-BC70-C8744DD2E0C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters."}], "id": "CVE-2005-3525", "lastModified": "2018-10-19T15:36:51.047", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2005-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19009"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/481"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015673"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/437212"}, {"source": "cve@mitre.org", "url": "http://www.macromedia.com/devnet/security/security_zone/apsb06-02.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/23461"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/425900/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16791"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0716"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-002.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24914"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}