ID CVE-2006-3311
Summary Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:-:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:-:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:3:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:4:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:4:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:5:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:5:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:6:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:6:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:8:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:8:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:mx_2004:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:mx_2004:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flex_sdk:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flex_sdk:1.5:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 18-10-2018 - 16:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-04-15T04:00:20.020-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Brian Stull
    organization SAINT Corporation
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment Microsoft Windows XP (x86) SP2 is installed
    oval oval:org.mitre.oval:def:754
  • comment Microsoft Windows XP (x86) SP3 is installed
    oval oval:org.mitre.oval:def:5631
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
description Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
family windows
id oval:org.mitre.oval:def:394
status accepted
submitted 2006-11-15T12:28:05
title SWF Movie Arbitrary Code Execution Vulnerability
version 56
redhat via4
advisories
rhsa
id RHSA-2006:0674
refmap via4
apple APPLE-SA-2006-09-29
bid 19980
bugtraq 20060912 Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability
cert
  • TA06-275A
  • TA06-318A
cert-vn VU#451380
confirm http://www.adobe.com/support/security/bulletins/apsb06-11.html
gentoo GLSA-200610-02
misc http://www.computerterrorism.com/research/ct12-09-2006.htm
ms MS06-069
sectrack 1016829
secunia
  • 21865
  • 21901
  • 22054
  • 22187
  • 22268
  • 22882
sreason 1546
suse SUSE-SA:2006:053
vupen
  • ADV-2006-3573
  • ADV-2006-3577
  • ADV-2006-3852
  • ADV-2006-4507
xf flashplayer-swf-string-bo(28886)
Last major update 18-10-2018 - 16:46
Published 12-09-2006 - 23:07
Back to Top