Vulnerability CVE-2006-3588

Vulnerability Name:

CVE-2006-3588 (CCN-27602)

Assigned:

2006-07-05

Published:

2006-07-05

Updated:

2018-10-12

Summary:

Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
1.9 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2006-3588

Source: CCN
Type: Mac OS X 10.4.8 and Security Update 2006-006
About the security content of the Mac OS X 10.4.8 Update and Security Update 2006-006

Source: APPLE
Type: UNKNOWN
APPLE-SA-2006-09-29

Source: CCN
Type: RHSA-2006-0674
flash-plugin security update

Source: CCN
Type: SA21865
Adobe Flash Player Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
21865

Source: SECUNIA
Type: Vendor Advisory
21901

Source: SECUNIA
Type: Vendor Advisory
22054

Source: CCN
Type: SA22187
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
22187

Source: SECUNIA
Type: Vendor Advisory
22268

Source: CCN
Type: SA22882
Microsoft Windows Flash Player Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
22882

Source: GENTOO
Type: UNKNOWN
GLSA-200610-02

Source: CCN
Type: SECTRACK ID: 1016449
Macromedia Flash Player Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1016449

Source: CCN
Type: SECTRACK ID: 1016829
Adobe Flash Player Input Validation Bugs Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1016829

Source: CCN
Type: ASA-2006-192
flash-plugin security update (RHSA-2006-0674)

Source: CCN
Type: ASA-2006-253
Microsoft Security Bulletin Summary for November 2006 (MS06-66 - MS06-71)

Source: CCN
Type: Adobe Web site
Adobe Flash Player Download Center

Source: CCN
Type: Adobe Product Security Bulletin APSB06-11
Multiple Vulnerabilities in Adobe Flash Player 8.0.24.0 and Earlier Versions

Source: CONFIRM
Type: UNKNOWN
http://www.adobe.com/support/security/bulletins/apsb06-11.html

Source: CCN
Type: FortiGuard Advisory (FGA-2006-21)
Denial of Service Vulnerability in Macromedia Flash Player

Source: MISC
Type: Vendor Advisory
http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-21.html

Source: CCN
Type: GLSA-200610-02
Adobe Flash Player: Arbitrary code execution

Source: CCN
Type: Microsoft Security Bulletin MS06-069
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:053

Source: OSVDB
Type: UNKNOWN
28733

Source: CCN
Type: OSVDB ID: 28733
Adobe Flash Player Malformed SWF Processing Unspecified DoS

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0674

Source: BID
Type: UNKNOWN
18894

Source: CCN
Type: BID-18894
Macromedia Flash Malformed SWF File Multiple Vulnerabilities

Source: BID
Type: UNKNOWN
19980

Source: CCN
Type: BID-19980
Adobe Flash Player Multiple Remote Code Execution Vulnerabilities

Source: CCN
Type: TLSA-2006-26
Multiple vulnerabilities in flash-player

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA06-275A
Multiple Vulnerabilities in Apple and Adobe Products

Source: CERT
Type: US Government Resource
TA06-318A

Source: VUPEN
Type: Vendor Advisory
ADV-2006-2702

Source: VUPEN
Type: Vendor Advisory
ADV-2006-3573

Source: VUPEN
Type: Vendor Advisory
ADV-2006-3577

Source: VUPEN
Type: Vendor Advisory
ADV-2006-3852

Source: VUPEN
Type: Vendor Advisory
ADV-2006-4507

Source: MS
Type: UNKNOWN
MS06-069

Source: XF
Type: UNKNOWN
macromedia-swf-dos(27602)

Source: XF
Type: UNKNOWN
macromedia-swf-dos(27602)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:432

Source: SUSE
Type: SUSE-SA:2006:053
flash-player security problem

Vulnerable Configuration:

Configuration 1:

cpe:/a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:flash:professional:8:*:*:*:*:*:*

OR cpe:/a:adobe:flex_sdk:1.5:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash:basic:8:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:sp2:*:*:professional:*:x86:*

OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20063588	V	CVE-2006-3588	2015-11-16
oval:org.mitre.oval:def:432	V	Malformed, Compressed .swf File Arbitrary Code Execution Vulnerability	2013-04-15

BACK