 |
|
|
|
| Vulnerability details : |
| |
 |
|
Macromedia Flash Player Flash.ocx Unspecified Function Arbitrary Code Execution |
|
|
Fiche créée le 2005-08-19 04:24:31, dernière mise à jour le 2010-02-20 21:57:04
Flash.ocx, part of Macromedia Flash Player, fails to perform proper validation of the frame type identifier from SWF files. The frame type identifier is used as an index into an array of function pointers. With a specially crafted SWF file, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.
|
| |
| Macromedia, Inc. 7.0.19.0 Affected | | Macromedia, Inc. 7.0.60 Affected | | | Attack Type : Input Manipulation
XSS, SQL injection, file retrieval, directory traversal, overflows, URL encoding. | Découvert le 2005-11-03 04:29:09
| | Disclosure : OSVDB Verified | Confirmé le 2005-11-03 04:29:09
| | Disclosure : Vendor Verified | | | Impact : Loss of Integrity
Assurance that data is unaltered by unauthorized persons.
Examples: XSS, arbitrary command execution, most overflows, most format strings, SQL injection, unauthorized file modification/deletion/creation, remote file inclusion, etc. | | | Location : Remote / Network Access
If network access if required and exploit can be done remotely. | | |
| |
| External refs : |
| OSVDB 18825 | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| |
| |
| |
| |
|
|
|
|
| Free consultation (search) |
|
|
|
|
|
| |
|
|
|
