Vulnerability Bulletins |
Ejecución de código arbitrario en Adobe Flash Player |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | Comercial Software |
| Affected software |
Adobe Flash Player <= 8.0.22.0 Breeze Meeting Add-In <= 5.1 Shockwave Player <= 10.1.0.11 Flash Debug Player <= 7.0.14.0 |
Description |
|
|
Se han descubierto múltiples vulnerabilidades en Adobe Flash Player versión 8.0.22.0 y anteriores. Las vulnerabilidades no han sido especificadas pero están relacionadas con el manejo de ciertos ficheros SWF. Un atacante remoto podría causar una denegación de servicio o ejecutar código arbitrario mediante un fichero SWF especialmente diseñado. |
|
Solution |
|
|
Actualización de software Macromedia Flash Player version 7r63 http://www.macromedia.com/go/getflash Flash Player 8.0.24.0 http://www.macromedia.com/go/getflashplayer/ Breeze Meeting Add-In Version 5.1 SP1 / Windows http://www.macromedia.com/go/breeze_addin_install_win/ Breeze Meeting Add-In Version 5.1 SP1 / Macintosh OS X http://www.macromedia.com/go/breeze_addin_install_mac/ Shockwave Player 10.1.1 http://www.macromedia.com/shockwave/download/ Red Hat Red Hat Enterprise Linux Extras (v. 3) Red Hat Enterprise Linux Extras (v. 4) https://rhn.redhat.com/ Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Microsoft Microsoft Windows XP Service Pack 1 Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=B2B8F9A8-4874-405A-9F0C-768B2631673A Apple Mac OS X 10.4.6 Client (PPC) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10484&cat=1&platform=osx&method=sa/SecUpd2006-003Ti.dmg Mac OS X 10.4.6 Client (Intel) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10485&cat=1&platform=osx&method=sa/SecUpd2006-003Intel.dmg Mac OS X 10.3.9 Client http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10486&cat=1&platform=osx&method=sa/SecUpd2006-003Pan.dmg Mac OS X 10.4.6 Server http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10487&cat=1&platform=osx&method=sa/SecUpdSrvr2006-003Ti.dmg Mac OS X 10.3.9 Server http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10488&cat=1&platform=osx&method=sa/SecUpdSrvr2006-003Pan.dmg Apple Security Update 2007-009 / Mac OS X 10.4.11 (Universal) http://www.apple.com/support/downloads/securityupdate200700910411universal.html Security Update 2007-009 / Max OS X 10.4.11 (PPC) http://www.apple.com/support/downloads/securityupdate200700910411ppc.html Security Update 2007-009 / Max OS X 10.5.1 http://www.apple.com/support/downloads/securityupdate20070091051.html |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2006-0024 |
| BID | 17106 |
Other resources |
|
|
Macromedia Security Bulletin (APSB06-03) http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html Red Hat Security Advisory (RHSA-2006:0268-5) https://rhn.redhat.com/errata/RHSA-2006-0268.html SUSE Security Advisory (SUSE-SA:2006:015) http://www.novell.com/linux/security/advisories/2006_15_flashplayer.html Microsoft Security Bulletin MS06-020 http://www.microsoft.com/technet/security/Bulletin/MS06-020.mspx Apple Security Update (2006-003) http://docs.info.apple.com/article.html?artnum=303737 Apple Security Update (307179) http://docs.info.apple.com/article.html?artnum=307179 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-03-16 |
| 1.1 | Aviso emitido por Suse (SUSE-SA:2006:015) | 2006-03-22 |
| 1.2 | Aviso emitido por Microsoft (MS06-020) | 2006-05-10 |
| 1.3 | Aviso emitido por Apple (2006-003) | 2006-05-12 |
| 1.4 | Aviso emitido por Apple (307179) | 2007-12-31 |