Vulnerability Bulletins |
Ejecución remota de código en Macromedia Flash Player |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Principiante |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | Comercial Software |
| Affected software | Flash Player <= 7.0.19.0 |
Description |
|
|
Se ha descubierto una vulnerabilidad en Macromedia Flash Player 7.0.19.0 y anteriores. La vulnerabilidad reside en una validación incorrecta de los índices de ciertos "arrays". Un atacante remoto podría ejecutar código arbitrario en el contexto del reproductor Flash del cliente. |
|
Solution |
|
|
Actualización de software Macromedia Flash Player 7.0.60.0 Flash Player 8.0.22.0 http://www.macromedia.com/go/getflash Red Hat Red Hat Enterprise Linux Extras (v. 3) / IA-32 flash-plugin-7.0.61-1.EL3.i386.rpm flash-plugin-7.0.61-1.EL3.i386.rpm flash-plugin-7.0.61-1.EL3.i386.rpm flash-plugin-7.0.61-1.EL3.i386.rpm Red Hat Enterprise Linux Extras (v. 4) / IA-32 flash-plugin-7.0.61-1.EL4.i386.rpm flash-plugin-7.0.61-1.EL4.i386.rpm flash-plugin-7.0.61-1.EL4.i386.rpm flash-plugin-7.0.61-1.EL4.i386.rpm https://rhn.redhat.com/ Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Microsoft Microsoft Windows XP Service Pack 1 Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=B2B8F9A8-4874-405A-9F0C-768B2631673A Apple Mac OS X 10.4.6 Client (PPC) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10484&cat=1&platform=osx&method=sa/SecUpd2006-003Ti.dmg Mac OS X 10.4.6 Client (Intel) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10485&cat=1&platform=osx&method=sa/SecUpd2006-003Intel.dmg Mac OS X 10.3.9 Client http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10486&cat=1&platform=osx&method=sa/SecUpd2006-003Pan.dmg Mac OS X 10.4.6 Server http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10487&cat=1&platform=osx&method=sa/SecUpdSrvr2006-003Ti.dmg Mac OS X 10.3.9 Server http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10488&cat=1&platform=osx&method=sa/SecUpdSrvr2006-003Pan.dmg |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2005-2628 |
| BID | |
Other resources |
|
|
Macromedia Security Bulletin (MPSB05-07) http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html Red Hat Security Advisory (RHSA-2005:835-5) https://rhn.redhat.com/errata/RHSA-2005-835.html SUSE Security Advisory (SUSE-SR:2005:027) http://www.novell.com/linux/security/advisories/2005_27_sr.html Microsoft Security Bulletin MS06-020 http://www.microsoft.com/technet/security/Bulletin/MS06-020.mspx Apple Security Update (2006-003) http://docs.info.apple.com/article.html?artnum=303737 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2005-11-07 |
| 1.1 | Aviso emitido por Red Hat (RHSA-2005:835-5) | 2005-11-14 |
| 1.2 | Aviso emitido por Suse (SUSE-SR:2005:027) | 2005-11-23 |
| 2.0 | Exploit público disponible. | 2005-11-29 |
| 2.1 | Aviso emitido por Microsoft (MS06-020) | 2006-05-10 |
| 2.2 | Aviso emitido por Apple (2006-003) | 2006-05-12 |