Vulnerability Name: CVE-2006-0024 (CCN-25005)

Assigned: 2005-11-30
Published: 2006-03-14
Updated: 2018-10-12
Summary: Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.

CVSS v3 Severity: 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): Low
  • Availability (A): Low

CVSS v2 Severity: 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): High
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): Partial
  • Integrity (I): Partial
  • Availability (A): Partial

6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): Partial
  • Availability (A): Partial

Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: CCN
Type: BugTraq Mailing List, Mon Dec 17 2007 - 15:47:29 CST
Apple OS X Software Update Remote Command Execution

Source: MITRE
Type: CNA
CVE-2006-0024

Source: CCN
Type: Apple Web site
About Security Update 2007-009

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=307179

Source: CCN
Type: Apple Security Update 2006-003
About Security Update 2006-003

Source: APPLE
Type: UNKNOWN
APPLE-SA-2006-05-11

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-12-17

Source: CCN
Type: RHSA-2006-0268
flash-plugin security update

Source: SECUNIA
Type: UNKNOWN
19198

Source: CCN
Type: SA19218
Flash Player Unspecified Code Execution Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
19218

Source: SECUNIA
Type: UNKNOWN
19259

Source: SECUNIA
Type: UNKNOWN
19328

Source: CCN
Type: SA20045
Microsoft Windows Flash Player Code Execution Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
20045

Source: CCN
Type: SA20077
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
20077

Source: CCN
Type: SA28136
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28136

Source: CCN
Type: SECTRACK ID: 1015770
Macromedia Flash Player SWF File Processing Flaw Permits Remote Code Execution

Source: SECTRACK
Type: UNKNOWN
1015770

Source: CCN
Type: ASA-2006-071
flash-plugin security update (RHSA-2006-0268)

Source: CCN
Type: ASA-2006-099
Windows Security Updates for May 2006 - (MS06-018 - MS06-020)

Source: CCN
Type: GLSA-200603-20
Macromedia Flash Player: Arbitrary code execution

Source: GENTOO
Type: UNKNOWN
GLSA-200603-20

Source: CCN
Type: US-CERT VU#945060
Adobe Flash products contain multiple vulnerabilities

Source: CERT-VN
Type: US Government Resource
VU#945060

Source: CCN
Type: Adobe Product Security Bulletin APSB06-03
Flash Player Update to Address Security Vulnerabilities

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html

Source: CCN
Type: Microsoft Security Advisory (916208)
Adobe Security Bulletin: APSB06-03 Flash Player Update to Address Security Vulnerabilities

Source: CCN
Type: Microsoft Security Bulletin MS06-020
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433)

Source: CCN
Type: Microsoft Security Bulletin MS06-069
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:015

Source: CONFIRM
Type: UNKNOWN
http://www.opera.com/docs/changelogs/windows/854/

Source: OSVDB
Type: UNKNOWN
23908

Source: CCN
Type: OSVDB ID: 23908
Macromedia Flash Player swf Processing Multiple Unspecified Code Execution

Source: REDHAT
Type: Vendor Advisory
RHSA-2006:0268

Source: BID
Type: UNKNOWN
17106

Source: CCN
Type: BID-17106
Macromedia Flash Multiple Unspecified Security Vulnerabilities

Source: BID
Type: UNKNOWN
17951

Source: CCN
Type: BID-17951
Apple Mac OS X Security Update 2006-003 Multiple Vulnerabilities

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA06-075A
Adobe Macromedia Flash Products Contain Vulnerabilities

Source: CERT
Type: US Government Resource
TA06-075A

Source: CERT
Type: US Government Resource
TA06-129A

Source: CERT
Type: US Government Resource
TA06-132A

Source: CERT
Type: US Government Resource
TA07-352A

Source: VUPEN
Type: UNKNOWN
ADV-2006-0952

Source: VUPEN
Type: UNKNOWN
ADV-2006-1262

Source: VUPEN
Type: UNKNOWN
ADV-2006-1744

Source: VUPEN
Type: UNKNOWN
ADV-2006-1779

Source: VUPEN
Type: UNKNOWN
ADV-2007-4238

Source: MS
Type: UNKNOWN
MS06-020

Source: XF
Type: UNKNOWN
macromedia-swf-code-execution(25005)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1894

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1922

Source: SUSE
Type: SUSE-SA:2006:015
flash-player remote buffer overflow

Source: SUSE
Type: SUSE-SR:2006:006
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:macromedia:flash_player:4.0_r12:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:5.0_r50:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.29.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.40.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.47.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.65.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.79.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:7.0.19.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:7.0.60.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:7.0.61.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:7.0_r19:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:*:*:*:*:*:*:*:* (Version <= 8.0.22.0)

Configuration CCN 1:
  • cpe:/a:macromedia:flash_player:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:4.0_r12:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:5.0_r50:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.29.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.40.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.47.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.65.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.79.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:7.0.19.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:7.0.60.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:7.0.61.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:7.0_r19:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:8.0.22.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:shockwave:-:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0:*:oss:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20060024 | V | CVE-2006-0024 | 2015-11-16
oval:org.mitre.oval:def:1922 | V | Remote Code Execution Vulnerability in Flash Player 8 (XP,SP2) | 2015-08-03
oval:org.mitre.oval:def:1894 | V | Remote Code Execution Vulnerability in Flash Player 8 (XP,SP1) | 2011-05-16