Adobe Flash Media Server < 2.0.5 Multiple Remote Vulnerabilities

Critical Nessus Plugin ID 31096


The remote Flash media server is affected by multiple vulnerabilities.


The remote host is running Adobe's Flash Media Server, an application server for Flash-based applications.

The Edge server component included with the version of Flash Media Server installed on the remote host contains several integer overflow and memory corruption errors that can be triggered when parsing specially crafted Real Time Message Protocol (RTMP) packets. An unauthenticated, remote attacker can leverage these issues to crash the affected service or execute arbitrary code with SYSTEM-level privileges (under Windows), potentially resulting in a complete compromise of the affected host.


Upgrade to Flash Media Server 2.0.5 or later.

See Also

Plugin Details

Severity: Critical

ID: 31096

File Name: adobe_fms_2_0_5.nasl

Version: $Revision: 1.19 $

Type: remote

Published: 2008/02/15

Modified: 2016/11/11

Dependencies: 50705

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:flash_media_server

Required KB Items: rtmp/adobe_fms

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2008/02/12

Reference Information

CVE: CVE-2007-6431, CVE-2007-6148, CVE-2007-6149

BID: 27762

OSVDB: 41538, 41539, 41540

Secunia: 28946

CWE: 189, 399