Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3591

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3591
Last Modified 07 Mar 2011 12:00:00
Published 16 Nov 2005 02:42:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3591

Summary

Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628.

Vulnerable Systems

Application

  • Macromedia Flash Player 6.0

  • Macromedia Flash Player 6.0.29.0

  • Macromedia Flash Player 6.0.40.0

  • Macromedia Flash Player 6.0.47.0

  • Macromedia Flash Player 6.0.65.0

  • Macromedia Flash Player 6.0.79.0

  • Macromedia Flash Player 7.0 R19

  • Macromedia Flash Player 7.0.19.0


References

BID - 15334

MISC - http://www.sec-consult.com/226.html

SECUNIA - 17430

BUGTRAQ - 20051107 SEC Consult SA-20051107-1 :: Macromedia Flash Player ActionDefineFunction

XF - flash-actiondefinefunction-doaction-bo(23022)

VUPEN - ADV-2005-2317

MSKB - Q910550

CONFIRM - http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html

SREASON - 149

SECUNIA - 17738

SECUNIA - 17626

SECUNIA - 17481

SECUNIA - 17437


Last Updated: 27 May 2016 10:40:59