Vulnerabilities > CVE-2006-3311 - Remote Code Execution vulnerability in Adobe Flash Player
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_053.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:053 (flash-player). Multiple input validation errors have been identified in the Macromedia Flash Player that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user last seen 2019-10-28 modified 2007-02-18 plugin id 24431 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24431 title SUSE-SA:2006:053: flash-player NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_7C75D48C429B11DBAFAE000C6EC775D9.NASL description Adobe reports : Multiple input validation errors have been identified in Flash Player 8.0.24.0 and earlier versions that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user?s web browser, email client, or other applications that include or reference the Flash Player. (CVE-2006-3311, CVE-2006-3587, CVE-2006-3588) These updates include changes to prevent circumvention of the last seen 2020-06-01 modified 2020-06-02 plugin id 22341 published 2006-09-14 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22341 title FreeBSD : linux-flashplugin7 -- arbitrary code execution vulnerabilities (7c75d48c-429b-11db-afae-000c6ec775d9) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0674.NASL description An updated Adobe Flash Player package that fixes security issues is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. The flash-plugin package contains a Firefox-compatible Adobe Flash Player browser plug-in. Security issues were discovered in the Adobe Flash Player. It may be possible to execute arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 63833 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63833 title RHEL 3 / 4 : flash-plugin (RHSA-2006:0674) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200610-02.NASL description The remote host is affected by the vulnerability described in GLSA-200610-02 (Adobe Flash Player: Arbitrary code execution) The Adobe Flash Player contains multiple unspecified vulnerabilities. Impact : An attacker could entice a user to view a malicious Flash file and execute arbitrary code with the rights of the user running the player. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 22506 published 2006-10-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22506 title GLSA-200610-02 : Adobe Flash Player: Arbitrary code execution NASL family Windows NASL id FLASH_PLAYER_9.NASL description According to its version number, the instance of Flash Player on the remote Windows host is affected by arbitrary code execution and denial of service issues. By convincing a user to visit a site with a specially crafted SWF file, an attacker may be able to execute arbitrary code on the affected host or cause the web browser to crash. last seen 2020-06-01 modified 2020-06-02 plugin id 22056 published 2006-07-17 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22056 title Flash Player Multiple Vulnerabilities (APSB06-11) NASL family MacOS X Local Security Checks NASL id MACOSX_10_4_8.NASL description The remote host is running a version of Mac OS X 10.4.x that is prior to 10.4.8. Mac OS X 10.4.8 contains several security fixes for the following programs : - CFNetwork - Flash Player - ImageIO - Kernel - LoginWindow - Preferences - QuickDraw Manager - SASL - WebCore - Workgroup Manager last seen 2020-06-01 modified 2020-06-02 plugin id 22476 published 2006-09-29 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22476 title Mac OS X 10.4.x < 10.4.8 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_FLASH-PLAYER-2065.NASL description Multiple input validation errors have been identified in Flash Player that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user last seen 2020-06-01 modified 2020-06-02 plugin id 29432 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29432 title SuSE 10 Security Update : flash-player (ZYPP Patch Number 2065) NASL family SuSE Local Security Checks NASL id SUSE_FLASH-PLAYER-2072.NASL description Multiple input validation errors have been identified in Flash Player that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user last seen 2020-06-01 modified 2020-06-02 plugin id 27219 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27219 title openSUSE 10 Security Update : flash-player (flash-player-2072) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2006-006.NASL description The remote host is running a version of Mac OS X 10.3 which does not have the security update 2006-006 applied. Security Update 2006-006 contains several security fixes for the following programs : - CFNetwork - Flash Player - QuickDraw Manager - SASL - WebCore last seen 2020-06-01 modified 2020-06-02 plugin id 22479 published 2006-09-29 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22479 title Mac OS X Multiple Vulnerabilities (Security Update 2006-006)
Oval
| accepted | 2013-04-15T04:00:20.020-04:00 | ||||||||||||||||
| class | vulnerability | ||||||||||||||||
| contributors |
| ||||||||||||||||
| definition_extensions |
| ||||||||||||||||
| description | Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie. | ||||||||||||||||
| family | windows | ||||||||||||||||
| id | oval:org.mitre.oval:def:394 | ||||||||||||||||
| status | accepted | ||||||||||||||||
| submitted | 2006-11-15T12:28:05 | ||||||||||||||||
| title | SWF Movie Arbitrary Code Execution Vulnerability | ||||||||||||||||
| version | 59 |
Redhat
| advisories |
|
References
- http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
- http://secunia.com/advisories/21865
- http://secunia.com/advisories/21901
- http://secunia.com/advisories/22054
- http://secunia.com/advisories/22187
- http://secunia.com/advisories/22268
- http://secunia.com/advisories/22882
- http://security.gentoo.org/glsa/glsa-200610-02.xml
- http://securityreason.com/securityalert/1546
- http://securitytracker.com/id?1016829
- http://www.adobe.com/support/security/bulletins/apsb06-11.html
- http://www.computerterrorism.com/research/ct12-09-2006.htm
- http://www.kb.cert.org/vuls/id/451380
- http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html
- http://www.redhat.com/support/errata/RHSA-2006-0674.html
- http://www.securityfocus.com/archive/1/445825/100/0/threaded
- http://www.securityfocus.com/bid/19980
- http://www.us-cert.gov/cas/techalerts/TA06-275A.html
- http://www.us-cert.gov/cas/techalerts/TA06-318A.html
- http://www.vupen.com/english/advisories/2006/3573
- http://www.vupen.com/english/advisories/2006/3577
- http://www.vupen.com/english/advisories/2006/3852
- http://www.vupen.com/english/advisories/2006/4507
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28886
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A394