ID CVE-2006-3587
Summary Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:flash_player:8.0.24.0
CVSS
Base: 5.1 (as of 17-07-2006 - 15:18)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity HIGH
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Windows
    NASL id FLASH_PLAYER_9.NASL
    description According to its version number, the instance of Flash Player on the remote Windows host is affected by arbitrary code execution and denial of service issues. By convincing a user to visit a site with a specially crafted SWF file, an attacker may be able to execute arbitrary code on the affected host or cause the web browser to crash.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 22056
    published 2006-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22056
    title Flash Player Multiple Vulnerabilities (APSB06-11)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FLASH-PLAYER-2072.NASL
    description Multiple input validation errors have been identified in Flash Player that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user's web browser, email client, or other applications that include or reference the Flash Player. (CVE-2006-3311, CVE-2006-3587, CVE-2006-3588) These updates include changes to prevent circumvention of the 'allowScriptAccess' option. (CVE-2006-4640)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27219
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27219
    title openSUSE 10 Security Update : flash-player (flash-player-2072)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_4_8.NASL
    description The remote host is running a version of Mac OS X 10.4.x that is prior to 10.4.8. Mac OS X 10.4.8 contains several security fixes for the following programs : - CFNetwork - Flash Player - ImageIO - Kernel - LoginWindow - Preferences - QuickDraw Manager - SASL - WebCore - Workgroup Manager
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 22476
    published 2006-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22476
    title Mac OS X 10.4.x < 10.4.8 Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7C75D48C429B11DBAFAE000C6EC775D9.NASL
    description Adobe reports : Multiple input validation errors have been identified in Flash Player 8.0.24.0 and earlier versions that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user's web browser, email client, or other applications that include or reference the Flash Player. (CVE-2006-3311, CVE-2006-3587, CVE-2006-3588) These updates include changes to prevent circumvention of the 'allowScriptAccess' option. (CVE-2006-4640)
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 22341
    published 2006-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22341
    title FreeBSD : linux-flashplugin7 -- arbitrary code execution vulnerabilities (7c75d48c-429b-11db-afae-000c6ec775d9)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FLASH-PLAYER-2065.NASL
    description Multiple input validation errors have been identified in Flash Player that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user's web browser, email client, or other applications that include or reference the Flash Player. (CVE-2006-3311 / CVE-2006-3587 / CVE-2006-3588) These updates include changes to prevent circumvention of the 'allowScriptAccess' option. (CVE-2006-4640)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29432
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29432
    title SuSE 10 Security Update : flash-player (ZYPP Patch Number 2065)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2006-006.NASL
    description The remote host is running a version of Mac OS X 10.3 which does not have the security update 2006-006 applied. Security Update 2006-006 contains several security fixes for the following programs : - CFNetwork - Flash Player - QuickDraw Manager - SASL - WebCore
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 22479
    published 2006-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22479
    title Mac OS X Multiple Vulnerabilities (Security Update 2006-006)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200610-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-200610-02 (Adobe Flash Player: Arbitrary code execution) The Adobe Flash Player contains multiple unspecified vulnerabilities. Impact : An attacker could entice a user to view a malicious Flash file and execute arbitrary code with the rights of the user running the player. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 22506
    published 2006-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22506
    title GLSA-200610-02 : Adobe Flash Player: Arbitrary code execution
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0674.NASL
    description An updated Adobe Flash Player package that fixes security issues is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. The flash-plugin package contains a Firefox-compatible Adobe Flash Player browser plug-in. Security issues were discovered in the Adobe Flash Player. It may be possible to execute arbitrary code on a victim's machine if the victim opens a malicious Adobe Flash file. (CVE-2006-3311, CVE-2006-3587, CVE-2006-3588) Users of Adobe Flash Player should upgrade to this updated package, which contains version 7.0.68 and is not vulnerable to this issue. Red Hat would like to thank Adobe for notifying us of these issues.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 63833
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63833
    title RHEL 3 / 4 : flash-plugin (RHSA-2006:0674)
oval via4
  • accepted 2013-04-15T04:00:05.632-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Brian Stull
      organization SAINT Corporation
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows XP SP1 (64-bit) is installed
      oval oval:org.mitre.oval:def:480
    description Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.
    family windows
    id oval:org.mitre.oval:def:1050
    status accepted
    submitted 2006-11-15T12:28:05
    title Flash Arbitrary Code Execution Vulnerability
    version 56
  • accepted 2013-04-15T04:00:29.895-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Brian Stull
      organization SAINT Corporation
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows XP SP1 (64-bit) is installed
      oval oval:org.mitre.oval:def:480
    description Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.
    family windows
    id oval:org.mitre.oval:def:709
    status accepted
    submitted 2006-11-15T12:28:05
    title Adobe Flash Player allowScriptAccess protection bypass vulnerability
    version 56
redhat via4
advisories
rhsa
id RHSA-2006:0674
refmap via4
apple APPLE-SA-2006-09-29
bid
  • 18894
  • 19980
cert TA06-318A
cert-vn VU#474593
confirm http://www.adobe.com/support/security/bulletins/apsb06-11.html
gentoo GLSA-200610-02
misc http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-20.html
ms MS06-069
sectrack
  • 1016448
  • 1016829
secunia
  • 20971
  • 21865
  • 21901
  • 22054
  • 22187
  • 22268
  • 22882
suse SUSE-SA:2006:053
vupen
  • ADV-2006-2702
  • ADV-2006-3573
  • ADV-2006-3577
  • ADV-2006-3852
  • ADV-2006-4507
xf macromedia-swf-file-code-execution(27601)
statements via4
contributor Mark J Cox
lastmodified 2006-08-16
organization Red Hat
statement Adobe gave a statement that these issues do not affect the Linux versions of Macromedia Flash Player.
Last major update 07-03-2011 - 00:00
Published 13-07-2006 - 17:05
Last modified 12-10-2018 - 17:40