ID CVE-2006-3587
Summary Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 12-10-2018 - 21:40)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2013-04-15T04:00:05.632-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Brian Stull
      organization SAINT Corporation
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows XP SP1 (64-bit) is installed
      oval oval:org.mitre.oval:def:480
    description Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.
    family windows
    id oval:org.mitre.oval:def:1050
    status accepted
    submitted 2006-11-15T12:28:05
    title Flash Arbitrary Code Execution Vulnerability
    version 56
  • accepted 2013-04-15T04:00:29.895-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Brian Stull
      organization SAINT Corporation
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows XP SP1 (64-bit) is installed
      oval oval:org.mitre.oval:def:480
    description Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.
    family windows
    id oval:org.mitre.oval:def:709
    status accepted
    submitted 2006-11-15T12:28:05
    title Adobe Flash Player allowScriptAccess protection bypass vulnerability
    version 56
redhat via4
advisories
rhsa
id RHSA-2006:0674
refmap via4
apple APPLE-SA-2006-09-29
bid
  • 18894
  • 19980
cert TA06-318A
cert-vn VU#474593
confirm http://www.adobe.com/support/security/bulletins/apsb06-11.html
gentoo GLSA-200610-02
misc http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-20.html
ms MS06-069
sectrack
  • 1016448
  • 1016829
secunia
  • 20971
  • 21865
  • 21901
  • 22054
  • 22187
  • 22268
  • 22882
suse SUSE-SA:2006:053
vupen
  • ADV-2006-2702
  • ADV-2006-3573
  • ADV-2006-3577
  • ADV-2006-3852
  • ADV-2006-4507
xf macromedia-swf-file-code-execution(27601)
statements via4
contributor Mark J Cox
lastmodified 2006-08-16
organization Red Hat
statement Adobe gave a statement that these issues do not affect the Linux versions of Macromedia Flash Player.
Last major update 12-10-2018 - 21:40
Published 13-07-2006 - 21:05
Back to Top