Flash Player < 7.0.60.0 / 8.0.22.0 Multiple Vulnerabilities

This script is Copyright (C) 2005-2012 Tenable Network Security, Inc.


Synopsis :

The remote host contains an application that is affected by remote
code execution flaws.

Description :

According to its version number, the instance of Macromedia's Flash
Player on the remote host fails to validate the frame type identifier
read from SWF files before using it as an index into an array of
function pointers. An attacker may be able to leverage this issue using
a specially crafted SWF file to execute arbitrary code on the remote
host, subject to the permissions of the user running Flash Player.
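
The flaw class described above, shown as an added example (not Macromedia's code and not part of the plugin): a dispatcher that validates a file-supplied type identifier before it indexes a table of function pointers. The record layout, the handler names and both `dispatch_*` functions are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record: byte 0 = type identifier, byte 1 = payload length,
   then the payload. A constructed format, not the real SWF layout. */
typedef int (*handler_fn)(const uint8_t *payload, size_t len);

static int on_shape(const uint8_t *p, size_t n)  { (void)p; return 100 + (int)n; }
static int on_sound(const uint8_t *p, size_t n)  { (void)p; return 200 + (int)n; }
static int on_script(const uint8_t *p, size_t n) { (void)p; return 300 + (int)n; }

static const handler_fn handlers[] = { on_shape, on_sound, on_script };
#define HANDLER_COUNT (sizeof handlers / sizeof handlers[0])
enum { ERR_TRUNCATED = -1, ERR_BAD_TYPE = -2 };

/* Flawed pattern: the identifier read from the file selects a function
   pointer with no range check, so any value >= HANDLER_COUNT makes the
   call go through memory outside the table. Shown for contrast only. */
int dispatch_unchecked(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 2) return ERR_TRUNCATED;
    return handlers[rec[0]](rec + 2, rec[1]);
}

/* Hardened form: validate the identifier and the declared length first. */
int dispatch_checked(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 2) return ERR_TRUNCATED;
    uint8_t type = rec[0];
    size_t len = rec[1];
    if (type >= HANDLER_COUNT) return ERR_BAD_TYPE;  /* index must be in range */
    if (len > rec_len - 2) return ERR_TRUNCATED;     /* payload must be present */
    return handlers[type](rec + 2, len);
}

/* Constructed sample records. */
static const uint8_t rec_ok[]    = { 0x01, 0x02, 0xAA, 0xBB }; /* valid type 1 */
static const uint8_t rec_bad[]   = { 0x7F, 0x00 };             /* type out of range */
static const uint8_t rec_short[] = { 0x00, 0x09, 0xAA };       /* length overruns buffer */

int main(void)
{
    printf("ok:    %d\n", dispatch_checked(rec_ok, sizeof rec_ok));
    printf("bad:   %d\n", dispatch_checked(rec_bad, sizeof rec_bad));
    printf("short: %d\n", dispatch_checked(rec_short, sizeof rec_short));
    return 0;
}
```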

See also :

http://research.eeye.com/html/advisories/published/AD20051104.html
http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html

Solution :

Upgrade to Flash Player version 8.0.22.0 / 7.0.60.0 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 20158 (flash_player_memory_access.nasl)

Bugtraq ID: 15332, 15334

CVE ID: CVE-2005-2628, CVE-2005-3591
