Vulnerability Name:

CVE-2006-3311 (CCN-28886)

Assigned:2006-09-12
Published:2006-09-12
Updated:2018-10-18
Summary:Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Full-Disclosure Mailing List, Tue Sep 12 2006 - 15:07:32 CDT
Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability

Source: MITRE
Type: CNA
CVE-2006-3311

Source: CCN
Type: Mac OS X 10.4.8 and Security Update 2006-006
About the security content of the Mac OS X 10.4.8 Update and Security Update 2006-006

Source: APPLE
Type: UNKNOWN
APPLE-SA-2006-09-29

Source: CCN
Type: RHSA-2006-0674
flash-plugin security update

Source: CCN
Type: SA21865
Adobe Flash Player Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
21865

Source: SECUNIA
Type: UNKNOWN
21901

Source: SECUNIA
Type: UNKNOWN
22054

Source: CCN
Type: SA22187
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
22187

Source: SECUNIA
Type: UNKNOWN
22268

Source: CCN
Type: SA22882
Microsoft Windows Flash Player Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
22882

Source: GENTOO
Type: UNKNOWN
GLSA-200610-02

Source: SREASON
Type: UNKNOWN
1546

Source: CCN
Type: SECTRACK ID: 1016829
Adobe Flash Player Input Validation Bugs Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1016829

Source: CCN
Type: ASA-2006-192
flash-plugin security update (RHSA-2006-0674)

Source: CCN
Type: ASA-2006-253
Microsoft Security Bulletin Summary for November 2006 (MS06-66 - MS06-71)

Source: CCN
Type: Adobe Web site
Adobe Flash Player Download Center

Source: CCN
Type: Adobe Product Security Bulletin APSB06-11
Multiple Vulnerabilities in Adobe Flash Player 8.0.24.0 and Earlier Versions

Source: CONFIRM
Type: Patch
http://www.adobe.com/support/security/bulletins/apsb06-11.html

Source: MISC
Type: Exploit, Patch, Vendor Advisory
http://www.computerterrorism.com/research/ct12-09-2006.htm

Source: CCN
Type: GLSA-200610-02
Adobe Flash Player: Arbitrary code execution

Source: CCN
Type: US-CERT VU#451380
Adobe Flash Player long string buffer overflow

Source: CERT-VN
Type: US Government Resource
VU#451380

Source: CCN
Type: Microsoft Security Bulletin MS06-069
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:053

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0674

Source: BUGTRAQ
Type: UNKNOWN
20060912 Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability

Source: BID
Type: UNKNOWN
19980

Source: CCN
Type: BID-19980
Adobe Flash Player Multiple Remote Code Execution Vulnerabilities

Source: CCN
Type: TLSA-2006-26
Multiple vulnerabilities in flash-player

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA06-275A
Multiple Vulnerabilities in Apple and Adobe Products

Source: CERT
Type: US Government Resource
TA06-275A

Source: CERT
Type: US Government Resource
TA06-318A

Source: VUPEN
Type: UNKNOWN
ADV-2006-3573

Source: VUPEN
Type: UNKNOWN
ADV-2006-3577

Source: VUPEN
Type: UNKNOWN
ADV-2006-3852

Source: VUPEN
Type: UNKNOWN
ADV-2006-4507

Source: MS
Type: UNKNOWN
MS06-069

Source: XF
Type: UNKNOWN
flashplayer-swf-string-bo(28886)

Source: XF
Type: UNKNOWN
flashplayer-swf-string-bo(28886)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:394

Source: SUSE
Type: SUSE-SA:2006:053
flash-player security problem

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:flash_player:8:*:pro:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 8.0.24.0)
  • OR cpe:/a:adobe:flash_player:mx_2004:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:1.5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:adobe:flash:professional:8:*:*:*:*:*:*
  • OR cpe:/a:adobe:flex_sdk:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash:*:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp2:*:*:professional:*:x86:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20063311
    V
    		CVE-2006-3311
    2015-11-16
    oval:org.mitre.oval:def:394
    V
    		SWF Movie Arbitrary Code Execution Vulnerability
    2013-04-15
    BACK
    adobe flash player 8
    adobe flash player *
    adobe flash player mx_2004
    adobe flex sdk 1.5
    adobe flash professional 8
    adobe flex sdk 1.5
    macromedia flash *
    adobe flash player 8.0
    adobe flash player 8.0.24.0
    adobe flash player 8.0.22.0
    gentoo linux *
    microsoft windows xp - sp2
    suse suse linux 9.2
    novell linux desktop 9
    apple mac os x 10.3.9
    apple mac os x server 10.3.9
    suse suse linux 10.0
    redhat rhel extras 3
    redhat rhel extras 4
    suse suse linux 10.1
    turbolinux turbolinux fuji
    suse suse linux 9.3