Adobe Macromedia Flash Products Contain Vulnerabilities

Systems Affected

Microsoft Windows, Apple Mac OS X, Linux, Solaris, or other operating systems with any of the following Adobe Macromedia products installed:

Flash Player 8.0.22.0 and earlier
Flash Professional 8
Flash Basic
Flash MX 2004
Flash Debug Player 7.0.14.0 and earlier
Flex 1.5
Breeze Meeting Add-In 5.1 and earlier
Adobe Macromedia Shockwave Player 10.1.0.11 and earlier

For more complete information, refer to Adobe Security Bulletin APSB06-03.

Overview

There are critical vulnerabilities
in Macromedia Flash player and related software. Exploitation of these
vulnerabilities could allow a remote, unauthenticated attacker to
execute arbitrary code or cause a denial of service on a vulnerable
system.

Description

Adobe Security Bulletin APSB06-03 addresses vulnerabilities
in Macromedia Flash Player and related software. Further information is available in the
following US-CERT Vulnerability Note:

VU#945060 -
Adobe Macromedia Flash products contain multiple vulnerabilities

Several vulnerabilities in Adobe Macromedia Flash products may allow a remote attacker to execute arbitrary code on a vulnerable system.

(CVE-2006-0024)

Several operating systems, including Microsoft Windows (see Microsoft Security Advisory 916208), have vulnerable versions of Flash installed by default. Systems with Flash-enabled web browsers are vulnerable. An attacker could host a specially crafted Flash file on a web site and convince a user to visit the site.

Impact

A remote, unauthenticated attacker could execute arbitrary code with
the privileges of the user. If the user is logged on with
administrative privileges, the attacker could take complete control of
an affected system. An attacker may also be able to cause a denial of
service.

Solution

Apply Updates

Adobe has provided the updates for these vulnerabilities in
APBS06-03.

Disable Flash

Please see Microsoft Security Advisory 916208 for instructions on how to disable Flash on Microsoft Windows. For other operating systems and web browsers, please contact the appropriate vendor.

Appendix A. References

Macromedia - APSB06-03: Flash Player Update to Address Security Vulnerabilities - http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html
US-CERT Vulnerability Note VU#945060 - http://www.kb.cert.org/vuls/id/945060
CVE-2006-0024 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0024
Microsoft Security Advisory (916208) - http://www.microsoft.com/technet/security/advisory/916208.mspx

Feedback can be directed to the US-CERT Technical Staff.

Revision History

March 16, 2006: Initial release

Last updated

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.

Adobe Macromedia Flash Products Contain Vulnerabilities

Systems Affected

Overview

Description

Impact

Solution

Apply Updates

Disable Flash

Appendix A. References

Revision History

Please share your thoughts

Joint Guidance on Deploying AI Systems Securely

Citrix Releases Security Updates for XenServer and Citrix Hypervisor

CISA Adds One Known Exploited Vulnerability to Catalog

Juniper Releases Security Bulletin for Multiple Juniper Products

Adobe Macromedia Flash Products Contain Vulnerabilities

Systems Affected

Overview

Description

Impact

Solution

Apply Updates

Disable Flash

Appendix A. References

Revision History

Please share your thoughts

Related Advisories

Joint Guidance on Deploying AI Systems Securely

Citrix Releases Security Updates for XenServer and Citrix Hypervisor

CISA Adds One Known Exploited Vulnerability to Catalog

Juniper Releases Security Bulletin for Multiple Juniper Products