ID CVE-2005-2628
Summary Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.
References
Vulnerable Configurations
  • cpe:2.3:a:macromedia:flash_player:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:macromedia:flash_player:6.0.29.0:*:*:*:*:*:*:*
  • cpe:2.3:a:macromedia:flash_player:6.0.40.0:*:*:*:*:*:*:*
  • cpe:2.3:a:macromedia:flash_player:6.0.47.0:*:*:*:*:*:*:*
  • cpe:2.3:a:macromedia:flash_player:6.0.65.0:*:*:*:*:*:*:*
  • cpe:2.3:a:macromedia:flash_player:6.0.79.0:*:*:*:*:*:*:*
  • cpe:2.3:a:macromedia:flash_player:7.0.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:macromedia:flash_player:7.0_r19:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 19-10-2018 - 15:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: HIGH
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2011-05-16T04:01:19.250-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.
    family windows
    id oval:org.mitre.oval:def:1557
    status accepted
    submitted 2006-05-10T03:16:00.000-04:00
    title 7 (XP,SP2)
    version 55
  • accepted 2015-08-03T04:01:10.808-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Adobe Flash Player is installed
      oval oval:org.mitre.oval:def:6700
    • comment Microsoft Windows XP SP2 is installed
      oval oval:org.mitre.oval:def:6255
    • comment Microsoft Windows XP SP1 (32-bit) is installed
      oval oval:org.mitre.oval:def:1
    description Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.
    family windows
    id oval:org.mitre.oval:def:1987
    status accepted
    submitted 2006-05-10T03:16:00.000-04:00
    title Remote Code Execution Vulnerability in Flash Player 6 and 7 (XP,SP1)
    version 65
redhat via4
advisories
rhsa
id RHSA-2005:835
refmap via4
apple APPLE-SA-2006-05-11
bid
  • 15332
  • 17951
bugtraq 20051105 [EEYEB-20050627B] Macromedia Flash Player Improper Memory Access Vulnerability
cert
  • TA06-129A
  • TA06-132A
cert-vn VU#146284
confirm http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html
eeye EEYEB-20050627B
gentoo GLSA-200511-21
osvdb 18825
sectrack 1015156
secunia
  • 17430
  • 17437
  • 17481
  • 17626
  • 17738
  • 20045
  • 20077
suse SUSE-SR:2005:027
vupen
  • ADV-2005-2317
  • ADV-2006-1744
  • ADV-2006-1779
xf flashplayer-swf-execute-code(22959)
Last major update 19-10-2018 - 15:33
Published 05-11-2005 - 11:02
Last modified 19-10-2018 - 15:33