CVE-2006-0024

medium
Description

Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.

References

http://docs.info.apple.com/article.html?artnum=307179

http://lists.apple.com/archives/security-announce/2006/May/msg00003.html

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

http://secunia.com/advisories/19198

http://secunia.com/advisories/19218

http://secunia.com/advisories/19259

http://secunia.com/advisories/19328

http://secunia.com/advisories/20045

http://secunia.com/advisories/20077

http://secunia.com/advisories/28136

http://securitytracker.com/id?1015770

http://www.gentoo.org/security/en/glsa/glsa-200603-20.xml

http://www.kb.cert.org/vuls/id/945060

http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html

http://www.novell.com/linux/security/advisories/2006_15_flashplayer.html

http://www.opera.com/docs/changelogs/windows/854/

http://www.osvdb.org/23908

http://www.redhat.com/support/errata/RHSA-2006-0268.html

http://www.securityfocus.com/bid/17106

http://www.securityfocus.com/bid/17951

http://www.us-cert.gov/cas/techalerts/TA06-075A.html

http://www.us-cert.gov/cas/techalerts/TA06-129A.html

http://www.us-cert.gov/cas/techalerts/TA06-132A.html

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

http://www.vupen.com/english/advisories/2006/0952

http://www.vupen.com/english/advisories/2006/1262

http://www.vupen.com/english/advisories/2006/1744

http://www.vupen.com/english/advisories/2006/1779

http://www.vupen.com/english/advisories/2007/4238

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-020

https://exchange.xforce.ibmcloud.com/vulnerabilities/25005

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1894

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1922

Details

Source: MITRE

Published: 2006-03-15

Updated: 2018-10-12

Risk Information

CVSS v2

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 63832 | RHEL 3 / 4 : flash-plugin (RHSA-2006:0268) | Nessus | Red Hat Local Security Checks | medium |
| 29723 | Mac OS X Multiple Vulnerabilities (Security Update 2007-009) | Nessus | MacOS X Local Security Checks | critical |
| 21459 | FreeBSD : linux-flashplugin -- arbitrary code execution vulnerability (83421018-b3ef-11da-a32d-000c6ec775d9) | Nessus | FreeBSD Local Security Checks | medium |
| 3617 | Mac OS X Multiple Vulnerabilities (Security Update 2006-003) | Nessus Network Monitor | Operating System Detection | medium |
| 3616 | Quicktime < 7.1 on Mac OS X Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 21341 | Mac OS X Multiple Vulnerabilities (Security Update 2006-003) | Nessus | MacOS X Local Security Checks | critical |
| 21127 | GLSA-200603-20 : Macromedia Flash Player: Arbitrary code execution | Nessus | Gentoo Local Security Checks | medium |
| 21079 | Flash Player swf Processing Multiple Unspecified Code Execution (APSB06-03) | Nessus | Windows | medium |
| 3318 | Curl < 7.15.1 Multiple Remote Overflows | Nessus Network Monitor | Web Clients | critical |
| 3308 | Mac OS X Multiple Vulnerabilities (Security Update 2005-009) | Nessus Network Monitor | Operating System Detection | high |
| 3256 | Curl NTLM Buffer Overflow | Nessus Network Monitor | Web Clients | medium |
| 3255 | GNU WGet < 1.10.2 Buffer Overflow | Nessus Network Monitor | Web Clients | medium |
| 3505 | ClamAV < 0.88.1 Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | Web Clients | medium |
| 801390 | Curl NTLM Buffer Overflow | Log Correlation Engine | Web Clients | high |
| 801386 | Curl <= 7.15.0 Multiple Remote Overflows | Log Correlation Engine | Web Clients | high |
| 801197 | Quicktime < 7.1 on Mac OS X Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 800798 | Mac OS X Multiple Vulnerabilities (Security Update 2005-009) | Log Correlation Engine | Operating System Detection | high |