Macromedia Flash Multiple Unspecified Security Vulnerabilities
BID:17106
Info
Macromedia Flash Multiple Unspecified Security Vulnerabilities
| Bugtraq ID: | 17106 |
| Class: | Unknown |
| CVE: |
CVE-2006-0024 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 14 2006 12:00AM |
| Updated: | Dec 18 2007 08:04PM |
| Credit: | The vendor credits Microsoft in the discovery of these issues. |
| Vulnerable: |
S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 9.0 x86_64 S.u.S.E. Linux Professional 9.0 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Opera Software Opera Web Browser 8.51 Opera Software Opera Web Browser 8.50 Opera Software Opera Web Browser 8.0 2 Opera Software Opera Web Browser 8.0 1 Opera Software Opera Web Browser 8.0 Opera Software Opera Web Browser 8.53 Opera Software Opera Web Browser 8.52 Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Media Center Edition SP1 Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP2 Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows XP 64-bit Edition Version 2003 SP1 Microsoft Windows XP 64-bit Edition Version 2003 Microsoft Windows XP 64-bit Edition SP1 Microsoft Windows XP 64-bit Edition Microsoft Windows XP 0 Microsoft Windows ME Microsoft Windows 98SE Microsoft Windows 98 Macromedia Shockwave 8.5.1 r106 Macromedia Shockwave 8.5.1 r105 Macromedia Shockwave 8.0 Macromedia Shockwave 6.0 Macromedia Shockwave 5.0 Macromedia Shockwave 4.0 Macromedia Shockwave 3.0 Macromedia Shockwave 2.0 Macromedia Shockwave 1.0 Macromedia Shockwave 10.1.0.11 Macromedia Flex 1.5 Macromedia Flash MX 2004 Macromedia Flash 8.0.22 .0 Macromedia Flash 7.0.61 .0 Macromedia Flash 7.0.60 .0 Macromedia Flash 7.0.25 .0 Macromedia Flash 7.0.19 .0 Macromedia Flash 7.0 r19 Macromedia Flash 6.0.79 .0 Macromedia Flash 6.0.65 .0 Macromedia Flash 6.0.47 .0 Macromedia Flash 6.0.40 .0 Macromedia Flash 6.0.29 .0 Macromedia Flash 6.0 Macromedia Flash 5.0 r50 Macromedia Flash 5.0 Macromedia Flash 4.0 r12 Macromedia Breeze Meeting Add-In 0 Gentoo Linux Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.5 |
| Not Vulnerable: |
Opera Software Opera Web Browser 8.54 Macromedia Flex 8.0.24 .0 Macromedia Flash MX 2004 7.0.63 .0 Macromedia Flash 8.0.24 .0 Macromedia Flash 7.0.63 .0 Macromedia Breeze Meeting Add-In 7.0.55 .331 Macromedia Breeze Meeting Add-In 7.0.55 .118 |
Discussion
Macromedia Flash Multiple Unspecified Security Vulnerabilities
The Macromedia Flash plug-in is susceptible to multiple unspecified vulnerabilities.
An attacker can potentially exploit these vulnerabilities to execute arbitrary code. The most likely vector of attack is through a malicious SWF file that has been designed to trigger the vulnerability and has been placed on a website. A denial-of-service condition may also occur.
Versions of the Flash Player prior to 7.0.63.0 and 8.0.24.0 are vulnerable to these issues.
The Macromedia Flash plug-in is susceptible to multiple unspecified vulnerabilities.
An attacker can potentially exploit these vulnerabilities to execute arbitrary code. The most likely vector of attack is through a malicious SWF file that has been designed to trigger the vulnerability and has been placed on a website. A denial-of-service condition may also occur.
Versions of the Flash Player prior to 7.0.63.0 and 8.0.24.0 are vulnerable to these issues.
Exploit / POC
Macromedia Flash Multiple Unspecified Security Vulnerabilities
Currently we are not aware of any exploits for these issues. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for these issues. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Macromedia Flash Multiple Unspecified Security Vulnerabilities
Solution:
Adobe has issued advisory APSB06-03 along with fixes to address these issues.
Please see the referenced advisories for further information.
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Tablet PC Edition SP2
Opera Software Opera Web Browser 8.52
Opera Software Opera Web Browser 8.53
Microsoft Windows XP Home SP2
Apple Mac OS X 10.4.11
Apple Mac OS X Server 10.4.11
Apple Mac OS X 10.5.1
Apple Mac OS X Server 10.5.1
Macromedia Flash 7.0.25 .0
Opera Software Opera Web Browser 8.0 2
Opera Software Opera Web Browser 8.0 1
Opera Software Opera Web Browser 8.50
Opera Software Opera Web Browser 8.51
Solution:
Adobe has issued advisory APSB06-03 along with fixes to address these issues.
Please see the referenced advisories for further information.
Microsoft Windows XP Media Center Edition SP2
-
Microsoft Security Update for Flash Player (KB913433)
downloads
Microsoft Windows XP Tablet PC Edition SP1
-
Microsoft Security Update for Flash Player (KB913433)
downloads
Microsoft Windows XP Media Center Edition SP1
-
Microsoft Security Update for Flash Player (KB913433)
downloads
Microsoft Windows XP Tablet PC Edition SP2
-
Microsoft Security Update for Flash Player (KB913433)
downloads
Opera Software Opera Web Browser 8.52
-
Opera Software Opera for Windows 8.54
http://www.opera.com/download/
Opera Software Opera Web Browser 8.53
-
Opera Software Opera for Windows 8.54
http://www.opera.com/download/
Microsoft Windows XP Home SP2
-
Microsoft Security Update for Flash Player (KB913433)
downloads
Apple Mac OS X 10.4.11
-
Apple Security Update 2007-009 (10.4.11 PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg -
Apple Security Update 2007-009 (10.4.11 Universal)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
Apple Mac OS X Server 10.4.11
-
Apple Security Update 2007-009 (10.4.11 PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg -
Apple Security Update 2007-009 (10.4.11 Universal)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
Apple Mac OS X 10.5.1
-
Apple Security Update 2007-009 (10.5.1)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat= 1&platform=osx&method=sa/SecUpd2007-009.dmg
Apple Mac OS X Server 10.5.1
-
Apple Security Update 2007-009 (10.5.1)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat= 1&platform=osx&method=sa/SecUpd2007-009.dmg
Macromedia Flash 7.0.25 .0
-
SuSE flash-player-7.0.63.0-1.1.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/flash-player-7.0 .63.0-1.1.i586.rpm -
SuSE flash-player-7.0.63.0-1.1.i586.rpm
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/flash-player-7.0. 63.0-1.2.i586.rpm -
SuSE flash-player-7.0.63.0-1.1.i586.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/flash-player-7.0. 63.0-1.1.i586.rpm -
SuSE flash-player-7.0.63.0-1.1.i586.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/flash-player-7.0. 63.0-1.1.i586.rpm
Opera Software Opera Web Browser 8.0 2
-
Opera Software Opera for Windows 8.54
http://www.opera.com/download/
Opera Software Opera Web Browser 8.0 1
-
Opera Software Opera for Windows 8.54
http://www.opera.com/download/
Opera Software Opera Web Browser 8.50
-
Opera Software Opera for Windows 8.54
http://www.opera.com/download/
Opera Software Opera Web Browser 8.51
-
Opera Software Opera for Windows 8.54
http://www.opera.com/download/
References
Macromedia Flash Multiple Unspecified Security Vulnerabilities
References:
References:
- APSB06-03 Flash Player Update to Address Security Vulnerabilities (Adobe)
- Changelog for Opera for Windows 8.54 (Opera Software)
- Macromedia Homepage (Macromedia)
- Microsoft Security Advisory (916208) (Microsoft)
- Microsoft Security Bulletin MS06-020 - Vulnerabilities in Macromedia Flash Playe (Microsoft)
- RHSA-2006:0268-5 - flash-plugin security update (RedHat)