CVE-2007-1403

Macromedia Shockwave - Stack-Based Buffer Overflow via SwDir.dll ActiveX Control Properties

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1403. PoCs published by shinnai.

AI-analyzed exploit summary: This exploit targets a stack overflow vulnerability in Macromedia SwDir.dll (version 10.1.4.20) by passing an excessively long string to multiple methods of the Shockwave ActiveX control. The PoC demonstrates the vulnerability by triggering a crash or potential code execution via a crafted HTML page.

Description

Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4) Sound, (5) DrawLogo, or (6) DrawProgress property value, different vectors than CVE-2006-6885.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by shinnai · html · dos · windows
https://www.exploit-db.com/exploits/3421


Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Macromedia SwDir.dll ver. 10.1.4.20
Authentication: No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer with the vulnerable ActiveX control installed
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36005
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22842
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3421

Scores

EPSS 0.2922
EPSS Percentile 97.9%

Details

Status published
Products (1)
macromedia/shockwave 10.1.4.20
Published Mar 10, 2007
Tracked Since Feb 18, 2026