6.8 - KB925143

Executive Summary

Summary
Title	Adobe Security Bulletin: APSB06-11 Flash Player Update to Address Security Vulnerabilities

Informations
Name	KB925143	First vendor Publication	2006-09-12
Vendor	Microsoft	Last vendor Modification	2006-11-14
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft has completed the investigation of security vulnerabilities in Macromedia Flash Player from Adobe, a third party software application that also was redistributed with Windows XP Service Pack 2 and Windows XP Professional x64 Edition. We have issued MS06-069 to address these issues. For more information about these issues, including download links for an available security update, please review MS06-069. This bulletin is for customers using Macromedia Flash Player version 6 from Adobe. The vulnerabilities addressed are the Macromedia Flash Player Vulnerabilities – CVE-2006-3014, CVE-2006-3311, CVE-2006-3587, CVE-2006-3588, and CVE-2006-4640.

Customers that have followed the guidance in Adobe Security Bulletin APSB06-11, issued September 12, 2006, are not at risk from these vulnerabilities.

Original Source

Url : http://www.microsoft.com/technet/security/advisory/925143.mspx

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-264	Permissions, Privileges, and Access Controls
50 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1050

Oval ID:	oval:org.mitre.oval:def:1050
Title:	Flash Arbitrary Code Execution Vulnerability
Description:	Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-3587	Version:	4
Platform(s):	Microsoft Windows XP	Product(s):	Flash Player
Definition Synopsis:
WinXP SP2,SP3 or WinXP SP1 (64-bit) Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows XP SP1 (64-bit) is installed AND Flash.ocx exists without upgrades to Flash8 or Flash9 Flash.ocx exists AND NOT the version of Flash8.ocx is greater than or equal 8.0.22.0 AND NOT the version of Flash9.ocx is greater than or equal 9.0.16.0

Definition Id: oval:org.mitre.oval:def:394

Oval ID:	oval:org.mitre.oval:def:394
Title:	SWF Movie Arbitrary Code Execution Vulnerability
Description:	Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-3311	Version:	4
Platform(s):	Microsoft Windows XP	Product(s):	Flash Player
Definition Synopsis:
WinXP SP2,SP3 or WinXP SP1 (64-bit) Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows XP SP1 (64-bit) is installed AND Flash.ocx exists without upgrades to Flash8 or Flash9 Flash.ocx exists AND NOT the version of Flash8.ocx is greater than or equal 8.0.22.0 AND NOT the version of Flash9.ocx is greater than or equal 9.0.16.0

Definition Id: oval:org.mitre.oval:def:432

Oval ID:	oval:org.mitre.oval:def:432
Title:	Malformed, Compressed .swf File Arbitrary Code Execution Vulnerability
Description:	Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-3588	Version:	4
Platform(s):	Microsoft Windows XP	Product(s):	Flash Player
Definition Synopsis:
WinXP SP2,SP3 or WinXP SP1 (64-bit) Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows XP SP1 (64-bit) is installed AND Flash.ocx exists without upgrades to Flash8 or Flash9 Flash.ocx exists AND NOT the version of Flash8.ocx is greater than or equal 8.0.22.0 AND NOT the version of Flash9.ocx is greater than or equal 9.0.16.0

Definition Id: oval:org.mitre.oval:def:538

Oval ID:	oval:org.mitre.oval:def:538
Title:	Excel-Flash Arbitrary Code Execution Vulnerability
Description:	Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-3014	Version:	4
Platform(s):	Microsoft Windows XP	Product(s):	Flash Player
Definition Synopsis:
WinXP SP2,SP3 or WinXP SP1 (64-bit) Microsoft Windows XP SP2 is installed AND Microsoft Windows XP SP1 (64-bit) is installed AND Flash.ocx exists without upgrades to Flash8 or Flash9 Flash.ocx exists AND NOT the version of Flash8.ocx is greater than or equal 8.0.22.0 AND NOT the version of Flash9.ocx is greater than or equal 9.0.16.0

Definition Id: oval:org.mitre.oval:def:709

Oval ID:	oval:org.mitre.oval:def:709
Title:	Adobe Flash Player allowScriptAccess protection bypass vulnerability
Description:	Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-4640	Version:	4
Platform(s):	Microsoft Windows XP	Product(s):	Flash Player
Definition Synopsis:
WinXP SP2,SP3 or WinXP SP1 (64-bit) Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows XP SP1 (64-bit) is installed AND Flash.ocx exists without upgrades to Flash8 or Flash9 Flash.ocx exists AND NOT the version of Flash8.ocx is greater than or equal 8.0.22.0 AND NOT the version of Flash9.ocx is greater than or equal 9.0.16.0

CPE : Common Platform Enumeration

Type	Description	Count
Application	Adobe Flash Player cpe:2.3:a:adobe:flash_player:8.0.24.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.22.0:::::::* cpe:2.3:a:adobe:flash_player:8.0::basic::::: cpe:2.3:a:adobe:flash_player:8.0::pro::::: cpe:2.3:a:adobe:flash_player:8.0:::::::* cpe:2.3:a:adobe:flash_player:8::professional::::: cpe:2.3:a:adobe:flash_player:8::pro::::: cpe:2.3:a:adobe:flash_player:7.2:::::::* cpe:2.3:a:adobe:flash_player:7.1.1:::::::* cpe:2.3:a:adobe:flash_player:7.1:::::::* cpe:2.3:a:adobe:flash_player:7.0.73.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.70.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.69.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.68.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.67.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.66.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.63:::::::* cpe:2.3:a:adobe:flash_player:7.0.63::linux::::: cpe:2.3:a:adobe:flash_player:7.0.61.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.60.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.53.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.25:::::::* cpe:2.3:a:adobe:flash_player:7.0.24.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.19.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.14.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.1:::::::* cpe:2.3:a:adobe:flash_player:7.0_r67::solaris::::: cpe:2.3:a:adobe:flash_player:7.0_r67:::::::* cpe:2.3:a:adobe:flash_player:7.0:::::::* cpe:2.3:a:adobe:flash_player:6.0.79:::::::* cpe:2.3:a:adobe:flash_player:6.0.21.0:::::::* cpe:2.3:a:adobe:flash_player:6:::::::* cpe:2.3:a:adobe:flash_player:5:::::::* cpe:2.3:a:adobe:flash_player:4:::::::* cpe:2.3:a:adobe:flash_player:3:::::::* cpe:2.3:a:adobe:flash_player:2:::::::* cpe:2.3:a:adobe:flash_player:mx_2004:::::::* cpe:2.3:a:adobe:flash_player:cs4::pro::::: cpe:2.3:a:adobe:flash_player:cs3::professional::::: cpe:2.3:a:adobe:flash_player:cs3::pro::::: cpe:2.3:a:adobe:flash_player:::pro:::::* cpe:2.3:a:adobe:flash_player:::basic:::::* cpe:2.3:a:adobe:flash_player:::::::: cpe:2.3:a:adobe:flash_player::::::edge::* cpe:2.3:a:adobe:flash_player::::::internet_explorer_11::* cpe:2.3:a:adobe:flash_player::::::chrome::* cpe:2.3:a:adobe:flash_player:-:::::::*	47
Application	Adobe Flex Sdk cpe:2.3:a:adobe:flex_sdk:1.5:::::::*	1
Application	Microsoft Excel cpe:2.3:a:microsoft:excel::::::::	1

OpenVAS Exploits

Date	Description
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200610-02 (Flash) File : nvt/glsa_200610_02.nasl
2008-09-04	Name : FreeBSD Ports: linux-flashplugin File : nvt/freebsd_linux-flashplugin0.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
28734	Adobe Flash Player allowScriptAccess Protection Unspecified Bypass Adobe Flash Player contains a flaw that may allow a malicious user to bypass certain security restrictions. The issue is triggered due to an unspecified error. It is possible that the flaw may allow bypassing the 'allowScriptAccess' option resulting in a loss of integrity.
28733	Adobe Flash Player Malformed SWF Processing Unspecified DoS Adobe Flash Player contains a flaw that may allow a denial of service. The issue is triggered when a victim opens a malformed and compressed SWF file. This will result in the application hosting the flash player, typically a web browser, to crach.
28732	Adobe Flash Player SWF Processing Dynamically Created String Overflow
27507	Microsoft Excel Embedded Shockwave Flash Object Arbitrary Javascript Execution
27113	Adobe Flash Player Unspecified Arbitrary Code Execution

Snort® IPS/IDS

Date	Description
2014-01-10	Microsoft Office Excel url unicode overflow attempt RuleID : 7025 - Revision : 16 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date	Description
2013-01-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0674.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_flash-player-2065.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_flash-player-2072.nasl - Type : ACT_GATHER_INFO
2007-02-18	Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_053.nasl - Type : ACT_GATHER_INFO
2006-10-05	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200610-02.nasl - Type : ACT_GATHER_INFO
2006-09-29	Name : The remote host is missing a Mac OS X update which fixes a security issue. File : macosx_10_4_8.nasl - Type : ACT_GATHER_INFO
2006-09-29	Name : The remote host is missing a Mac OS X update which fixes a security issue. File : macosx_SecUpd2006-006.nasl - Type : ACT_GATHER_INFO
2006-09-14	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_7c75d48c429b11dbafae000c6ec775d9.nasl - Type : ACT_GATHER_INFO
2006-07-17	Name : The remote Windows host contains a browser plugin that is affected by multipl... File : flash_player_9.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	5
CPE ID(s)	49
osvdb(s)	5
Openvas Exploit(s)	3
Snort® Rule(s)	1
Nessus® Exploit(s)	9

	Related
6.8	MS06-069
6.8	CVE-2006-4640
5.1	CVE-2006-3587
5.1	CVE-2006-3311
5.1	CVE-2006-3014
2.6	CVE-2006-3588
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)