Vulnerabilities > CVE-2002-1881 - Denial Of Service vulnerability in Macromedia Flash Malformed SWF

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

macromedia

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers.

Vulnerable Configurations

Part	Description	Count
Application	Macromedia Macromedia Flash Player 4.0_R12 Macromedia Flash Player 5.0 Macromedia Flash Player 5.0_R50 Macromedia Flash Player 6.0 Macromedia Flash Player 6.0.29.0 Macromedia Flash Player 6.0.40.0 Macromedia Flash Player 6.0.47.0	7

References

http://archives.neohapsis.com/archives/bugtraq/2002-08/0088.html
http://www.iss.net/security_center/static/9843.php
http://www.securityfocus.com/bid/5445