Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-6885Shockwave vulnerability

7 documents4 sources
Severity
7.5HIGHNVD
NVD4.3CNA4.3
EPSS
21.6%
top 4.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Macromedia Shockwave
Timeline
PublishedDec 31
Latest updateMay 1

Description

An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmacromedia/shockwave10, 10.1.4.20+1

🔴Vulnerability Details

4
GHSA
GHSA-cr72-p8f8-mx4g: An ActiveX control in SwDir2022-05-01
GHSA
GHSA-wc5m-225h-wq23: Multiple stack-based buffer overflows in an ActiveX control in SwDir2022-05-01
CVEList
CVE-2007-1403: Multiple stack-based buffer overflows in an ActiveX control in SwDir2007-03-10
CVEList
CVE-2006-6885: An ActiveX control in SwDir2007-01-05

💥Exploits & PoCs

1
Exploit-DB
Macromedia Shockwave 10 'SwDir.dll' Internet Explorer 7 - Denial of Service2006-12-29
CVE-2006-6885 — Macromedia Shockwave vulnerability | cvebase