CVE-2006-3311 - Remote Code Execution vulnerability in Adobe Flash Player

CVSS 5.1 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: HIGH
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: PARTIAL
  • Availability impact: PARTIAL

Summary

Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2006_053.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2006:053 (flash-player). Multiple input validation errors have been identified in the Macromedia Flash Player that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user
    last seen: 2019-10-28
    modified: 2007-02-18
    plugin id: 24431
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24431
    title: SUSE-SA:2006:053: flash-player
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_7C75D48C429B11DBAFAE000C6EC775D9.NASL
    description: Adobe reports: Multiple input validation errors have been identified in Flash Player 8.0.24.0 and earlier versions that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user's web browser, email client, or other applications that include or reference the Flash Player. (CVE-2006-3311, CVE-2006-3587, CVE-2006-3588) These updates include changes to prevent circumvention of the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22341
    published: 2006-09-14
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/22341
    title: FreeBSD : linux-flashplugin7 -- arbitrary code execution vulnerabilities (7c75d48c-429b-11db-afae-000c6ec775d9)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2006-0674.NASL
    description: An updated Adobe Flash Player package that fixes security issues is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. The flash-plugin package contains a Firefox-compatible Adobe Flash Player browser plug-in. Security issues were discovered in the Adobe Flash Player. It may be possible to execute arbitrary code on a victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63833
    published: 2013-01-24
    reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/63833
    title: RHEL 3 / 4 : flash-plugin (RHSA-2006:0674)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200610-02.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200610-02 (Adobe Flash Player: Arbitrary code execution) The Adobe Flash Player contains multiple unspecified vulnerabilities. Impact : An attacker could entice a user to view a malicious Flash file and execute arbitrary code with the rights of the user running the player. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22506
    published: 2006-10-05
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/22506
    title: GLSA-200610-02 : Adobe Flash Player: Arbitrary code execution
  • NASL family: Windows
    NASL id: FLASH_PLAYER_9.NASL
    description: According to its version number, the instance of Flash Player on the remote Windows host is affected by arbitrary code execution and denial of service issues. By convincing a user to visit a site with a specially crafted SWF file, an attacker may be able to execute arbitrary code on the affected host or cause the web browser to crash.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22056
    published: 2006-07-17
    reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22056
    title: Flash Player Multiple Vulnerabilities (APSB06-11)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_10_4_8.NASL
    description: The remote host is running a version of Mac OS X 10.4.x that is prior to 10.4.8. Mac OS X 10.4.8 contains several security fixes for the following programs : - CFNetwork - Flash Player - ImageIO - Kernel - LoginWindow - Preferences - QuickDraw Manager - SASL - WebCore - Workgroup Manager
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22476
    published: 2006-09-29
    reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22476
    title: Mac OS X 10.4.x < 10.4.8 Multiple Vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_FLASH-PLAYER-2065.NASL
    description: Multiple input validation errors have been identified in Flash Player that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29432
    published: 2007-12-13
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29432
    title: SuSE 10 Security Update : flash-player (ZYPP Patch Number 2065)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_FLASH-PLAYER-2072.NASL
    description: Multiple input validation errors have been identified in Flash Player that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27219
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27219
    title: openSUSE 10 Security Update : flash-player (flash-player-2072)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2006-006.NASL
    description: The remote host is running a version of Mac OS X 10.3 which does not have the security update 2006-006 applied. Security Update 2006-006 contains several security fixes for the following programs : - CFNetwork - Flash Player - QuickDraw Manager - SASL - WebCore
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22479
    published: 2006-09-29
    reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22479
    title: Mac OS X Multiple Vulnerabilities (Security Update 2006-006)

Oval

accepted: 2013-04-15T04:00:20.020-04:00
class: vulnerability
contributors
  • name: Robert L. Hollis
    organization: ThreatGuard, Inc.
  • name: Dragos Prisaca
    organization: Gideon Technologies, Inc.
  • name: Brian Stull
    organization: SAINT Corporation
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: Microsoft Windows XP (x86) SP2 is installed
    oval: oval:org.mitre.oval:def:754
  • comment: Microsoft Windows XP (x86) SP3 is installed
    oval: oval:org.mitre.oval:def:5631
  • comment: Microsoft Windows XP SP1 (64-bit) is installed
    oval: oval:org.mitre.oval:def:480
description: Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
family: windows
id: oval:org.mitre.oval:def:394
status: accepted
submitted: 2006-11-15T12:28:05
title: SWF Movie Arbitrary Code Execution Vulnerability
version: 59

Redhat

advisories
rhsa
id: RHSA-2006:0674