VID |
28137 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
A version of Macromedia Flash Player before version 7.0.63.0 or 8.0.24.0 has been installed on the host. Macromedia Flash Player versions prior to 7.0.63.0 and 8.0.24.0 could allow a remote attacker to execute arbitrary code, caused by multiple unspecified vulnerabilities in the way that the Flash Player handles data contained within the Flash (SWF) file. A remote attacker could create a specially-crafted Web site containing a malicious SWF file, which would cause the script to be executed in the victim's Web browser within the security context of the hosted site, once the site is visited.
* Note: This check requires an account with administrative privileges that can log into the host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.
* References: http://www.microsoft.com/technet/security/advisory/916208.mspx http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html http://www.kb.cert.org/vuls/id/945060 http://www.frsirt.com/english/advisories/2006/0952 http://secunia.com/advisories/19218/ http://www.us-cert.gov/cas/techalerts/TA06-075A.html
* Platforms Affected: Adobe Macromedia Shockwave Player 10.1.0.11 and earlier; Macromedia Breeze Meeting Add-In 5.1 and earlier; Macromedia Flash Debug Player 7.0.14.0 and earlier; Macromedia Flash Player 8.0.22.0 and earlier; Apple Mac OS X (any version); Linux (any version); Microsoft Windows (any version) |
Recommendation |
Upgrade to the latest version of Flash Player (7.0.63.0 or 8.0.24.0 or later), as listed in Macromedia Security Bulletin MPSB05-07 at http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html |
Related URL |
CVE-2006-0024 (CVE) |
Related URL |
17106 (SecurityFocus) |
Related URL |
25005 (ISS) |
|