cbcvebase.
CVE-2007-1403
published 2007-03-10

CVE-2007-1403: Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service…

PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
29.22%
97.9th percentile
Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4) Sound, (5) DrawLogo, or (6) DrawProgress property value, different vectors than CVE-2006-6885.

Affected

1 ranges
VendorProductVersion rangeFixed in
macromediashockwave

Detection & IOCsextracted from sources · hover to see the quote

filenameSwDir.dll
versionSwDir.dll 10.1.4.20
  • Detect abnormally long string values (e.g., 1,000,000 'A' characters) being set on Shockwave ActiveX control properties BGCOLOR, SRC, AutoStart, Sound, DrawLogo, or DrawProgress via script — indicative of stack overflow exploitation attempt.
  • Monitor for instantiation of the SwDir.dll ActiveX control in Internet Explorer, particularly when any of the six vulnerable properties (BGCOLOR, SRC, AutoStart, Sound, DrawLogo, DrawProgress) are set to unusually long values.
  • Alert on Internet Explorer 7 crashes (process termination/fault) following loading of web pages that instantiate the Macromedia Shockwave SwDir.dll ActiveX control.
  • ·Exploit was tested specifically on Windows XP Professional SP2 with Internet Explorer 7; behavior on other OS/browser versions may differ.
  • ·These vectors are distinct from those in CVE-2006-6885; detection rules should not conflate the two CVEs.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.