Macromedia Flash Player swf Processing Multiple Unspecified Code Execution

2006-03-14T19:02:36
ID OSVDB:23908
Type osvdb
Reporter OSVDB
Modified 2006-03-14T19:02:36

Description

Vulnerability Description

Flash Player contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when the victim loads a malicious SWF file. It is possible that the flaw may allow an attacker to take control of the affected system resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Upgrade to version 8.0.24.0 or 7.0.63.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Flash Player contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when the victim loads a malicious SWF file. It is possible that the flaw may allow an attacker to take control of the affected system resulting in a loss of confidentiality, integrity, and/or availability.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1015770 Secunia Advisory ID:19218 Secunia Advisory ID:19259 Secunia Advisory ID:19198 Secunia Advisory ID:19328 Secunia Advisory ID:20045 RedHat RHSA: RHSA-2006:0268 Other Advisory URL: http://www.microsoft.com/technet/security/advisory/916208.mspx Other Advisory URL: http://lists.suse.de/archive/suse-security-announce/2006-Mar/0004.html News Article: http://www.eweek.com/article2/0,1895,1938443,00.asp Microsoft Knowledge Base Article: 913433 Keyword: APSB06-03 FrSIRT Advisory: ADV-2006-0952 CVE-2006-0024 Bugtraq ID: 17106