Microsoft Excel embedded Shockwave Flash Object code execution
| excel-shockwave-code-execution (27312) |
Description:
Microsoft Excel automatically activates a Shockwave Flash Object embedded in a spreadsheet when the file is opened, which could allow a remote attacker to execute arbitrary code on the system. An attacker could exploit this weakness by creating an Excel spreadsheet file (.xls) containing a malicious Shockwave Flash Object and persuading a victim to open the file. The embedded Flash movie then runs with the privileges of the victim, so script it carries executes and any exploitable flaw in the installed Flash Player (see APSB06-11 and MS06-069 under References) can be reached without any further user interaction.
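The entry describes the artifact (an .xls carrying a Shockwave Flash Object) but not how to find such files in a mail spool or file share. The following triage scanner is an added example, not code from the X-Force entry or from the referenced exploit. It assumes, beyond what the page states, that the Flash ActiveX control is registered with ProgID ShockwaveFlash.ShockwaveFlash, user-type string "Shockwave Flash Object" and CLSID {D27CDB6E-AE6D-11cf-96B8-444553540000}, that an embedded control persists inside the OLE2 compound file as a storage whose directory entry carries that CLSID in COM's little-endian layout and whose CompObj stream names the ProgID, and that the movie itself starts with the SWF magic "FWS"/"CWS"; the sample inputs are constructed, not real files.

```python
"""Triage scan for .xls files carrying an embedded Shockwave Flash Object.

Added example, not code from the X-Force entry. Assumptions not stated on
the page (verify on a reference machine, e.g. HKCR\\ShockwaveFlash.ShockwaveFlash\\CLSID):
- ProgID ShockwaveFlash.ShockwaveFlash, user type "Shockwave Flash Object",
  CLSID {D27CDB6E-AE6D-11cf-96B8-444553540000};
- the control persists as an OLE2 storage whose directory entry holds the
  CLSID in little-endian (bytes_le) layout and whose \\x01CompObj stream
  names the user type and ProgID;
- the movie starts with the SWF magic "FWS" (raw) or "CWS" (zlib).
"""
import re
import sys
import uuid

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
FLASH_CLSID = uuid.UUID("D27CDB6E-AE6D-11cf-96B8-444553540000")
FLASH_PROGID = b"ShockwaveFlash.ShockwaveFlash"
FLASH_USERTYPE = b"Shockwave Flash Object"
# SWF header: "FWS" or "CWS" followed by a one-byte format version.
SWF_MAGIC = re.compile(rb"[FC]WS[\x01-\x40]")


def _either_encoding(s: bytes) -> tuple:
    """Strings inside OLE streams may be stored as ANSI or as UTF-16LE."""
    return s, s.decode("ascii").encode("utf-16-le")


def indicators(data: bytes) -> dict:
    """Return which Flash-object markers occur anywhere in the raw bytes."""
    return {
        "ole2_container": data.startswith(OLE2_MAGIC),
        "clsid_binary": FLASH_CLSID.bytes_le in data,
        "progid": any(m in data for m in _either_encoding(FLASH_PROGID)),
        "usertype": any(m in data for m in _either_encoding(FLASH_USERTYPE)),
        "swf_header": SWF_MAGIC.search(data) is not None,
    }


def verdict(data: bytes) -> str:
    """Collapse the indicators into one triage label."""
    ind = indicators(data)
    if not ind["ole2_container"]:
        return "not-ole2"
    if ind["clsid_binary"] or ind["progid"] or ind["usertype"]:
        return "flash-object-embedded" + (" +swf" if ind["swf_header"] else "")
    if ind["swf_header"]:
        return "swf-bytes-only"
    return "clean"


# Constructed samples (not real files): just enough bytes to exercise the checks.
SAMPLE_CLEAN = OLE2_MAGIC + b"\x00" * 504
SAMPLE_FLASH = (
    OLE2_MAGIC + b"\x00" * 504
    # fake directory-entry fragment: storage name, padding, CLSID in bytes_le form
    + "Object 1".encode("utf-16-le") + b"\x00" * 64 + FLASH_CLSID.bytes_le
    # fake \x01CompObj stream body naming the control
    + b"\x00" * 28 + FLASH_USERTYPE + b"\x00" + FLASH_PROGID + b"\x00"
    # start of an uncompressed Flash 8 movie
    + b"FWS\x08" + b"\x00" * 32
)
SAMPLE_ZIP = b"PK\x03\x04" + b"\x00" * 60


def main(paths):
    for p in paths:
        with open(p, "rb") as fh:
            print(f"{p}: {verdict(fh.read())}")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        main(sys.argv[1:])
    else:
        for name, blob in (("clean", SAMPLE_CLEAN), ("flash", SAMPLE_FLASH), ("zip", SAMPLE_ZIP)):
            print(f"{name}: {verdict(blob)}")
```

Run it as `python scan.py *.xls` to label files. A hit means the spreadsheet embeds the Flash control, not that the movie is malicious; a legitimately embedded Flash animation produces the same markers, so treat the result as a queue for review rather than a block decision. Because OLE2 streams are split across 512-byte sectors (64-byte mini-sectors for small streams) that need not be contiguous, a marker can straddle a boundary and be missed by this raw scan; confirm with a real compound-file parser (e.g. olefile) that walks the directory and reads the CompObj stream whole. Office 2007 .xlsx files are zip containers and fall outside this check.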
Platforms Affected:
- Adobe, Flash Player 8.0
- Adobe, Flash Player 8.0.22.0
- Adobe, Flash Player 8.0.24.0
- Adobe, Flash Professional 8
- Adobe, Flex 1.5
- Macromedia, Flash
- Macromedia, Flash MX 2004
- Microsoft, Excel 2003
- Microsoft, Excel Viewer 2003
- Microsoft, Office 2003
- Microsoft, Windows XP x64-Professional
- Microsoft, Windows XP SP2 Professional
- Turbolinux, Turbolinux FUJI
Remedy:
Refer to Adobe Product Security Bulletin APSB06-11 and to Microsoft Security Bulletin MS06-069, which delivers the updated Flash Player for the affected Windows XP platforms, for patch, upgrade, or suggested workaround information. See References.
As a workaround, set the ActiveX Control kill bit for the Shockwave Flash Object as described in Microsoft Knowledge Base Article 240797. See References. Verify the control's CLSID on the target system before setting it, and note that the kill bit also disables the control in Internet Explorer and any other host that honors the kill-bit list.
Consequences:
Gain Access
References:
- Adobe Web site, Adobe Flash Player Download Center at http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash.
- APSB06-11, Multiple Vulnerabilities in Adobe Flash Player 8.0.24.0 and Earlier Versions at http://www.adobe.com/support/security/bulletins/apsb06-11.html.
- Full-Disclosure Mailing List, Tue Jun 20 2006 - 12:17:46 CDT, Microsoft Excel File Embedded Shockwave Flash Object Exploit at http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html.
- Microsoft Knowledge Base Article 240797, How to stop an ActiveX control from running in Internet Explorer at http://support.microsoft.com/kb/240797/EN-US/.
- Microsoft Security Bulletin MS06-069, Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789) at http://www.microsoft.com/technet/security/bulletin/ms06-069.mspx.
- ASA-2006-253: Microsoft Security Bulletin Summary for November 2006 (MS06-66 - MS06-71)
- BID-18583: Microsoft Office Embedded Shockwave Flash Object Security Bypass Weakness
- BID-19980: Adobe Flash Player Multiple Remote Code Execution Vulnerabilities
- CVE-2006-3014: Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.
- FrSIRT/ADV-2006-3573: Adobe Macromedia Flash Player Multiple Remote Code Execution Vulnerabilities
- FrSIRT/ADV-2006-3577: Apple QuickTime Media Files Handling Buffer and Integer Overflow Vulnerabilities
- FrSIRT/ADV-2006-4507: Microsoft Windows Flash Player Remote Code Execution Vulnerabilities (MS06-069)
- SA21865: Adobe Flash Player Multiple Vulnerabilities
- SA22882: Microsoft Windows Flash Player Multiple Vulnerabilities
- SECTRACK ID: 1016344: Microsoft Excel `Shockwave Flash Object` Lets Remote Users Execute Code Automatically
Reported:
Jun 20, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net
