{"vuid":"VU#146284","idnumber":"146284","name":"Macromedia Flash Player fails to properly validate the frame type identifier read from a \"SWF\" file","keywords":["Macromedia","Flash Player","arbitrary code execution","frame type identifier","SWF file","NPSWF32.dll","ms06-may","apple-2006-003"],"overview":"A buffer overflow vulnerability in some versions of the Macromedia Flash Player may allow a remote attacker to execute code on a vulnerable system.","clean_desc":"The Macromedia Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. Some versions of the Flash Player, specifically 7.0.53.0 and earlier, contain an array bounds checking error in the way that they handle a frame type identifier read from the Flash (SWF) file. This error can results in a heap memory access vulnerability that could allow an attacker to execute arbitrary code. A maliciously crafted SWF that exploits this vulnerability could be supplied through a web page, for example. Note that vulnerable versions of the Flash Player are provided with a number of versions of Microsoft Windows, Apple's Mac OS X, and some distributions of the Linux operating systems.","impact":"A remote attacker with the ability to supply a specially crafted SWF file to a vulnerable host may be able to execute arbitrary code on that system. The attacker-supplied code would be executed with the privileges of the user opening the file.","resolution":"Apply a patch Patches have been released in response to this issue. Please see the Systems Affected section of this document for more information.","workarounds":"Workarounds Microsoft has published a number of workarounds for users of the affected products on Microsoft Windows platforms. Please see the Workarounds section of Microsoft Security Bulletin MS06-020 for more information.","sysaffected":"","thanks":"The CERT/CC credits \neEye Digital Security\n and \nSEC Consult\n for reporting this vulnerability.","author":"This document was written by Chad R Dougherty based on information provided by Macromedia, Inc. and eEye Digital Security.","public":["http://www.eeye.com/html/research/advisories/AD20051104.html","http://www.sec-consult.com/228.html","http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html","http://secunia.com/advisories/17430/","http://secunia.com/advisories/17481/","http://secunia.com/advisories/17437/","http://www.securityfocus.com/bid/15332","http://blogs.technet.com/msrc/archive/2005/11/07/413906.aspx","http://www.microsoft.com/technet/security/advisory/910550.mspx","http://www.microsoft.com/technet/security/Bulletin/MS06-020.mspx"],"cveids":["CVE-2005-2628"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-11-07T18:37:46Z","publicdate":"2005-11-07T00:00:00Z","datefirstpublished":"2005-11-11T22:56:41Z","dateupdated":"2006-05-09T18:23:25Z","revision":21,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"15","cam_impact":"15","cam_easeofexploitation":"8","cam_attackeraccessrequired":"20","cam_scorecurrent":"13.5","cam_scorecurrentwidelyknown":"16.875","cam_scorecurrentwidelyknownexploited":"30.375","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":13.5,"vulnote":null}