CVE-2006-3587 - Multiple vulnerabilities in Adobe Flash Player 8.0.24.0

CVSS 5.1 - MEDIUM
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.

Vulnerable Configurations

Part: Application
Description: Adobe
Count: 1

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2006_053.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2006:053 (flash-player). Multiple input validation errors have been identified in the Macromedia Flash Player that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user
    last seen: 2019-10-28
    modified: 2007-02-18
    plugin id: 24431
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24431
    title: SUSE-SA:2006:053: flash-player
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_7C75D48C429B11DBAFAE000C6EC775D9.NASL
    description: Adobe reports: Multiple input validation errors have been identified in Flash Player 8.0.24.0 and earlier versions that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user's web browser, email client, or other applications that include or reference the Flash Player. (CVE-2006-3311, CVE-2006-3587, CVE-2006-3588) These updates include changes to prevent circumvention of the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22341
    published: 2006-09-14
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/22341
    title: FreeBSD : linux-flashplugin7 -- arbitrary code execution vulnerabilities (7c75d48c-429b-11db-afae-000c6ec775d9)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2006-0674.NASL
    description: An updated Adobe Flash Player package that fixes security issues is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. The flash-plugin package contains a Firefox-compatible Adobe Flash Player browser plug-in. Security issues were discovered in the Adobe Flash Player. It may be possible to execute arbitrary code on a victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63833
    published: 2013-01-24
    reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/63833
    title: RHEL 3 / 4 : flash-plugin (RHSA-2006:0674)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200610-02.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200610-02 (Adobe Flash Player: Arbitrary code execution) The Adobe Flash Player contains multiple unspecified vulnerabilities. Impact: An attacker could entice a user to view a malicious Flash file and execute arbitrary code with the rights of the user running the player. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22506
    published: 2006-10-05
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/22506
    title: GLSA-200610-02 : Adobe Flash Player: Arbitrary code execution
  • NASL family: Windows
    NASL id: FLASH_PLAYER_9.NASL
    description: According to its version number, the instance of Flash Player on the remote Windows host is affected by arbitrary code execution and denial of service issues. By convincing a user to visit a site with a specially crafted SWF file, an attacker may be able to execute arbitrary code on the affected host or cause the web browser to crash.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22056
    published: 2006-07-17
    reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22056
    title: Flash Player Multiple Vulnerabilities (APSB06-11)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_10_4_8.NASL
    description: The remote host is running a version of Mac OS X 10.4.x that is prior to 10.4.8. Mac OS X 10.4.8 contains several security fixes for the following programs: CFNetwork, Flash Player, ImageIO, Kernel, LoginWindow, Preferences, QuickDraw Manager, SASL, WebCore, Workgroup Manager
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22476
    published: 2006-09-29
    reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22476
    title: Mac OS X 10.4.x < 10.4.8 Multiple Vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_FLASH-PLAYER-2065.NASL
    description: Multiple input validation errors have been identified in Flash Player that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29432
    published: 2007-12-13
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29432
    title: SuSE 10 Security Update : flash-player (ZYPP Patch Number 2065)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_FLASH-PLAYER-2072.NASL
    description: Multiple input validation errors have been identified in Flash Player that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27219
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27219
    title: openSUSE 10 Security Update : flash-player (flash-player-2072)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2006-006.NASL
    description: The remote host is running a version of Mac OS X 10.3 which does not have the security update 2006-006 applied. Security Update 2006-006 contains several security fixes for the following programs: CFNetwork, Flash Player, QuickDraw Manager, SASL, WebCore
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22479
    published: 2006-09-29
    reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22479
    title: Mac OS X Multiple Vulnerabilities (Security Update 2006-006)

Oval

  • accepted: 2013-04-15T04:00:05.632-04:00
    class: vulnerability
    contributors:
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Dragos Prisaca
      organization: Gideon Technologies, Inc.
    • name: Brian Stull
      organization: SAINT Corporation
    • name: Dragos Prisaca
      organization: G2, Inc.
    definition_extensions:
    • comment: Microsoft Windows XP (x86) SP2 is installed
      oval: oval:org.mitre.oval:def:754
    • comment: Microsoft Windows XP (x86) SP3 is installed
      oval: oval:org.mitre.oval:def:5631
    • comment: Microsoft Windows XP SP1 (64-bit) is installed
      oval: oval:org.mitre.oval:def:480
    description: Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.
    family: windows
    id: oval:org.mitre.oval:def:1050
    status: accepted
    submitted: 2006-11-15T12:28:05
    title: Flash Arbitrary Code Execution Vulnerability
    version: 59
  • accepted: 2013-04-15T04:00:29.895-04:00
    class: vulnerability
    contributors:
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Dragos Prisaca
      organization: Gideon Technologies, Inc.
    • name: Brian Stull
      organization: SAINT Corporation
    • name: Dragos Prisaca
      organization: G2, Inc.
    definition_extensions:
    • comment: Microsoft Windows XP (x86) SP2 is installed
      oval: oval:org.mitre.oval:def:754
    • comment: Microsoft Windows XP (x86) SP3 is installed
      oval: oval:org.mitre.oval:def:5631
    • comment: Microsoft Windows XP SP1 (64-bit) is installed
      oval: oval:org.mitre.oval:def:480
    description: Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.
    family: windows
    id: oval:org.mitre.oval:def:709
    status: accepted
    submitted: 2006-11-15T12:28:05
    title: Adobe Flash Player allowScriptAccess protection bypass vulnerability
    version: 59

Redhat

advisories:
  rhsa:
    id: RHSA-2006:0674

Statements

contributor: Mark J Cox
lastmodified: 2006-08-16
organization: Red Hat
statement: Adobe gave a statement that these issues do not affect the Linux versions of Macromedia Flash Player.