CVE-2005-2628 - Unspecified vulnerability in Macromedia Flash Player
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 8 |
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SECUPD2006-003.NASL |
description | The remote host is running Apple Mac OS X, but lacks Security Update 2006-003. This security update contains fixes for the following applications : AppKit ImageIO BOM CFNetwork ClamAV (Mac OS X Server only) CoreFoundation CoreGraphics Finder FTPServer Flash Player KeyCHain LaunchServices libcurl Mail MySQL Manager (Mac OS X Server only) Preview QuickDraw QuickTime Streaming Server Ruby Safari |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21341 |
published | 2006-05-12 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21341 |
title | Mac OS X Multiple Vulnerabilities (Security Update 2006-003) |

code

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(21341);
  script_version("1.21");
  script_cvs_date("Date: 2018/07/14 1:59:35");

  script_cve_id("CVE-2006-1439", "CVE-2006-1982", "CVE-2006-1983", "CVE-2006-1984",
                "CVE-2006-1985", "CVE-2006-1440", "CVE-2006-1441", "CVE-2006-1442",
                "CVE-2006-1614", "CVE-2006-1615", "CVE-2006-1630", "CVE-2006-1443",
                "CVE-2006-1444", "CVE-2006-1448", "CVE-2006-1445", "CVE-2005-2628",
                "CVE-2006-0024", "CVE-2006-1552", "CVE-2006-1446", "CVE-2006-1447",
                "CVE-2005-4077", "CVE-2006-1449", "CVE-2006-1450", "CVE-2006-1451",
                "CVE-2006-1452", "CVE-2006-1453", "CVE-2006-1454", "CVE-2006-1455",
                "CVE-2006-1456", "CVE-2005-2337", "CVE-2006-1457");
  script_bugtraq_id(17634, 17951);

  script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2006-003)");
  script_summary(english:"Check for Security Update 2006-003");

  script_set_attribute(attribute:"synopsis", value:
"The remote operating system is missing a vendor-supplied patch.");
  script_set_attribute(attribute:"description", value:
"The remote host is running Apple Mac OS X, but lacks Security Update 2006-003.
This security update contains fixes for the following applications :
AppKit ImageIO BOM CFNetwork ClamAV (Mac OS X Server only) CoreFoundation CoreGraphics Finder FTPServer Flash Player KeyCHain LaunchServices libcurl Mail MySQL Manager (Mac OS X Server only) Preview QuickDraw QuickTime Streaming Server Ruby Safari");
  script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=303737");
  script_set_attribute(attribute:"solution", value:
"Mac OS X 10.4 :
http://support.apple.com/downloads/Security_Update_2006_003_Mac_OS_X_10_4_6_Client__PPC_
http://support.apple.com/downloads/Security_Update_2006_003_Mac_OS_X_10_4_6_Client__Intel_
Mac OS X 10.3 :
http://support.apple.com/downloads/Security_Update_2006_003__10_3_9_Client_
http://support.apple.com/downloads/Security_Update_2006_003__10_3_9_Server_");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/05/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/12");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
  script_family(english:"MacOS X Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages");
  exit(0);
}

packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);

uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.[0-6]\.)", string:uname) )
{
  if (!egrep(pattern:"^SecUpd(Srvr)?(2006-00[3467]|2007-003)", string:packages)) security_hole(0);
}
```

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200511-21.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200511-21 (Macromedia Flash Player: Remote arbitrary code execution) When handling a SWF file, the Macromedia Flash Player incorrectly validates the frame type identifier stored in the SWF file which is used as an index to reference an array of function pointers. A specially crafted SWF file can cause this index to reference memory outside of the scope of the Macromedia Flash Player, which in turn can cause the Macromedia Flash Player to use unintended memory address(es) as function pointers. Impact : An attacker serving a maliciously crafted SWF file could entice a user to view the SWF file and execute arbitrary code on the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20265 |
published | 2005-12-07 |
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/20265 |
title | GLSA-200511-21 : Macromedia Flash Player: Remote arbitrary code execution |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200511-21.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(20265);
  script_version("1.19");
  script_cvs_date("Date: 2019/08/02 13:32:43");

  script_cve_id("CVE-2005-2628");
  script_xref(name:"GLSA", value:"200511-21");

  script_name(english:"GLSA-200511-21 : Macromedia Flash Player: Remote arbitrary code execution");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200511-21
(Macromedia Flash Player: Remote arbitrary code execution)

    When handling a SWF file, the Macromedia Flash Player incorrectly
    validates the frame type identifier stored in the SWF file which is
    used as an index to reference an array of function pointers. A
    specially crafted SWF file can cause this index to reference memory
    outside of the scope of the Macromedia Flash Player, which in turn can
    cause the Macromedia Flash Player to use unintended memory address(es)
    as function pointers.

Impact :

    An attacker serving a maliciously crafted SWF file could entice a user
    to view the SWF file and execute arbitrary code on the user's machine.

Workaround :

    There is no known workaround at this time."
  );
  # http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.adobe.com/devnet/security/security_zone/mpsb05-07.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200511-21"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All Macromedia Flash Player users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-7.0.61'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:adobe-flash");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/11/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"www-plugins/adobe-flash", unaffected:make_list("ge 7.0.61"), vulnerable:make_list("lt 7.0.61"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Macromedia Flash Player");
}
```

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2005-835.NASL |
description | Updated Macromedia Flash Player packages that fix a security issue are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. The flash-plugin package contains a Mozilla-compatible Macromedia Flash Player browser plug-in. A buffer overflow bug was discovered in the Macromedia Flash Player. It may be possible to execute arbitrary code on a victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63830 |
published | 2013-01-24 |
reporter | This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/63830 |
title | RHEL 3 / 4 : flash-plugin (RHSA-2005:835) |

NASL family | Windows |
NASL id | FLASH_PLAYER_MEMORY_ACCESS.NASL |
description | According to its version number, the instance of Macromedia |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20158 |
published | 2005-11-07 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20158 |
title | Flash Player < 7.0.60.0 / 8.0.22.0 Multiple Vulnerabilities |
Oval
accepted | 2011-05-16T04:01:19.250-04:00 |
class | vulnerability |
contributors | Robert L. Hollis (ThreatGuard, Inc.); Dragos Prisaca (Gideon Technologies, Inc.); Sudhir Gandhe (Telos); Shane Shaffer (G2, Inc.) |
description | Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer. |
family | windows |
id | oval:org.mitre.oval:def:1557 |
status | accepted |
submitted | 2006-05-10T03:16:00.000-04:00 |
title | 7 (XP,SP2) |
version | 55 |

accepted | 2015-08-03T04:01:10.808-04:00 |
class | vulnerability |
contributors | Robert L. Hollis (ThreatGuard, Inc.); Sudhir Gandhe (Telos); Shane Shaffer (G2, Inc.); Maria Mikhno (ALTX-SOFT) |
definition_extensions | Adobe Flash Player is installed (oval:org.mitre.oval:def:6700); Microsoft Windows XP SP2 is installed (oval:org.mitre.oval:def:6255); Microsoft Windows XP SP1 (32-bit) is installed (oval:org.mitre.oval:def:1) |
description | Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer. |
family | windows |
id | oval:org.mitre.oval:def:1987 |
status | accepted |
submitted | 2006-05-10T03:16:00.000-04:00 |
title | Remote Code Execution Vulnerability in Flash Player 6 and 7 (XP,SP1) |
version | 62 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/41380/SEC-20051107-1.txt |
id | PACKETSTORM:41380 |
last seen | 2016-12-05 |
published | 2005-11-08 |
reporter | Bernhard Mueller |
source | https://packetstormsecurity.com/files/41380/SEC-20051107-1.txt.html |
title | SEC-20051107-1.txt |
References
- http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
- http://secunia.com/advisories/17430
- http://secunia.com/advisories/17437/
- http://secunia.com/advisories/17481
- http://secunia.com/advisories/17626/
- http://secunia.com/advisories/17738
- http://secunia.com/advisories/20045
- http://secunia.com/advisories/20077
- http://securitytracker.com/id?1015156
- http://www.gentoo.org/security/en/glsa/glsa-200511-21.xml
- http://www.kb.cert.org/vuls/id/146284
- http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html
- http://www.novell.com/linux/security/advisories/2005_27_sr.html
- http://www.osvdb.org/18825
- http://www.redhat.com/support/errata/RHSA-2005-835.html
- http://www.securityfocus.com/archive/1/415789/30/0/threaded
- http://www.securityfocus.com/bid/15332
- http://www.securityfocus.com/bid/17951
- http://www.us-cert.gov/cas/techalerts/TA06-129A.html
- http://www.us-cert.gov/cas/techalerts/TA06-132A.html
- http://www.vupen.com/english/advisories/2005/2317
- http://www.vupen.com/english/advisories/2006/1744
- http://www.vupen.com/english/advisories/2006/1779
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-020
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22959
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1557
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1987