Microsoft Office 2003 - Embedded Shockwave Flash Object Security Bypass

EDB-ID:

28087


Platform:

Windows

Published:

2006-06-22

source: http://www.securityfocus.com/bid/18583/info

Microsoft Office is prone to a weakness that may allow remote attackers to execute arbitrary script code contained in Shockwave Flash Objects without first requiring confirmation from users.

A successful attack may allow attackers to access sensitive information and potentially execute malicious commands on a vulnerable computer.

The researcher responsible for discovering this issue has indicated that it presents itself on Windows 2003 SP1, Windows XP Professional Edition SP1 and SP2 running Microsoft Office 2003, and Windows 2000 Professional running Microsoft Office 2003. Other versions may be vulnerable as well.

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/28087.zip