Vulnerability Name:
CVE-2002-1382 (CCN-10861)
Assigned:
2002-12-12
Published:
2002-12-12
Updated:
2017-10-10
Summary:
Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than
CAN-2002-0846
.
CVSS v3 Severity:
7.3 High
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availibility (A):
Low
CVSS v2 Severity:
7.5 High
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
7.5 High
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2002-1382
Source: BUGTRAQ
Type: UNKNOWN
20021217 Macromedia Shockwave Flash Malformed Header Overflow #2
Source: VULNWATCH
Type: UNKNOWN
20021217 Macromedia Shockwave Flash Malformed Header Overflow #2
Source: CCN
Type: eEye Digital Security Advisory AD20021216
Macromedia Shockwave Flash Malformed Header Overflow #2
Source: CCN
Type: Macromedia Web site
Macromedia Web Player Download Center
Source: CCN
Type: Macromedia Product Security Bulletin MPSB02-15
Macromedia Flash Malformed Header Vulnerability Issue
Source: CONFIRM
Type: Vendor Advisory
http://www.macromedia.com/v1/handlers/index.cfm?ID=23569
Source: CCN
Type: OSVDB ID: 6645
Macromedia Shockwave Flash Player Header Overflow
Source: BID
Type: UNKNOWN
6383
Source: CCN
Type: BID-6383
Macromedia Flash Unspecified SWF Buffer Overflow Vulnerability
Source: XF
Type: UNKNOWN
flash-swf-bo(10861)
Source: XF
Type: UNKNOWN
flash-swf-bo(10861)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:macromedia:flash_player:4.0_r12:*:*:*:*:*:*:*
OR
cpe:/a:macromedia:flash_player:5.0:*:*:*:*:*:*:*
OR
cpe:/a:macromedia:flash_player:5.0_r50:*:*:*:*:*:*:*
OR
cpe:/a:macromedia:flash_player:6.0:*:*:*:*:*:*:*
OR
cpe:/a:macromedia:flash_player:6.0.29.0:*:*:*:*:*:*:*
OR
cpe:/a:macromedia:flash_player:6.0.40.0:*:*:*:*:*:*:*
OR
cpe:/a:macromedia:flash_player:6.0.47.0:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:macromedia:flash_player:5.0:*:*:*:*:*:*:*
OR
cpe:/a:macromedia:flash_player:6.0:*:*:*:*:*:*:*
OR
cpe:/a:macromedia:flash_player:4.0_r12:*:*:*:*:*:*:*
OR
cpe:/a:macromedia:flash_player:5.0_r50:*:*:*:*:*:*:*
OR
cpe:/a:macromedia:flash_player:6.0.29.0:*:*:*:*:*:*:*
OR
cpe:/a:macromedia:flash_player:6.0.40.0:*:*:*:*:*:*:*
OR
cpe:/a:macromedia:flash_player:6.0.47.0:*:*:*:*:*:*:*
AND
cpe:/o:apple:macos:9.0:*:*:*:*:*:*:*
OR
cpe:/o:apple:macos:8.6:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_ce:*:*:*:*:*:*:*:*
OR
cpe:/a:qnx:neutrino_rtos:*:*:*:*:*:*:*:*
OR
cpe:/o:windriver:vxworks:*:*:*:*:*:*:*:*
OR
cpe:/o:apple:mac_os:9.1:*:*:*:*:*:*:*
OR
cpe:/o:apple:mac_os:9.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:mac_os_x:10.1:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
macromedia
flash player 4.0_r12
macromedia
flash player 5.0
macromedia
flash player 5.0_r50
macromedia
flash player 6.0
macromedia
flash player 6.0.29.0
macromedia
flash player 6.0.40.0
macromedia
flash player 6.0.47.0
macromedia
flash player 5.0
macromedia
flash player 6.0
macromedia
flash player 4.0_r12
macromedia
flash player 5.0_r50
macromedia
flash player 6.0.29.0
macromedia
flash player 6.0.40.0
macromedia
flash player 6.0.47.0
apple
mac os 9.0
apple
mac os 8.6
microsoft
windows ce *
qnx
neutrino rtos *
windriver
vxworks *
apple
mac os 9.1
apple
mac os 9.2
apple
mac os x 10.1