Microsoft Office 2003 - Embedded Shockwave Flash Object Security Bypass

EDB-ID:

28087




Platform:

Windows

Date:

2006-06-22


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

source: https://www.securityfocus.com/bid/18583/info

Microsoft Office is prone to a weakness that may allow remote attackers to execute arbitrary script code contained in Shockwave Flash Objects without first requiring confirmation from users.

A successful attack may allow attackers to access sensitive information and potentially execute malicious commands on a vulnerable computer.

The researcher responsible for discovering this issue has indicated that it presents itself on Windows 2003 SP1, Windows XP Professional Edition SP1 and SP2 running Microsoft Office 2003, and Windows 2000 Professional running Microsoft Office 2003. Other versions may be vulnerable as well.

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/28087.zip