|
Family: Gain a shell remotely --> Category: infos
Flash Player Improper Memory Access Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Checks for an improper memory access vulnerabilities in Flash Player
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote host contains an application that is affected by remote
code execution flaws.
Description :
According to its version number, the instance of Macromedia's Flash
Player on the remote host fails to validate the frame type identifier
from SWF files before using that as an index into an array of function
pointers. A possible hacker may be able to leverage this issue using a
specially crafted SWF file to execute arbitrary code on the remote
host subject to the permissions of the user running Flash Player.
See also :
http://research.eeye.com/html/advisories/published/AD20051104.html
http://www.sec-consult.com/228.html
http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html
Solution :
Upgrade to Flash Player versions 7r61 or 8 or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|