Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2628

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2005-2628
Last Modified 07 Mar 2011 09:24:47
Published 05 Nov 2005 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-2628

Summary

Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.

Vulnerable Systems

Application

  • Macromedia Flash Player 6.0

  • Macromedia Flash Player 6.0.29.0

  • Macromedia Flash Player 6.0.40.0

  • Macromedia Flash Player 6.0.47.0

  • Macromedia Flash Player 6.0.65.0

  • Macromedia Flash Player 6.0.79.0

  • Macromedia Flash Player 7.0 R19

  • Macromedia Flash Player 7.0.19.0


References

CERT - TA06-132A

CERT - TA06-129A

CERT-VN - VU#146284

BID - 15332

CONFIRM - http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html

VUPEN - ADV-2006-1779

VUPEN - ADV-2006-1744

VUPEN - ADV-2005-2317

OSVDB - 18825

XF - flashplayer-swf-execute-code(22959)

BID - 17951

BUGTRAQ - 20051105 [EEYEB-20050627B] Macromedia Flash Player Improper Memory Access Vulnerability

REDHAT - RHSA-2005:835

SUSE - SUSE-SR:2005:027

MS - MS06-020

GENTOO - GLSA-200511-21

SECTRACK - 1015156

SECUNIA - 20077

SECUNIA - 20045

SECUNIA - 17738

SECUNIA - 17626

SECUNIA - 17481

SECUNIA - 17437

SECUNIA - 17430

APPLE - APPLE-SA-2006-05-11

Related Patches

Apple 2006-05-11 Security Update 2006-003 Mac OS X 10.4.6 Client (PPC)

Apple 2006-05-11 Security Update 2006-003 Mac OS X 10.4.6 Client (Intel)

Apple 2006-05-11 Security Update 2006-003 (10.4.6 Server)


Last Updated: 27 May 2016 10:40:34