Vulnerability CVE-2006-4640

Vulnerability Name:

CVE-2006-4640 (CCN-28887)

Assigned:

2006-09-12

Published:

2006-09-12

Updated:

2018-10-12

Summary:

Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: Full-Disclosure Mailing List, Tue Sep 12 2006 - 15:07:32 CDT
Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability

Source: MITRE
Type: CNA
CVE-2006-4640

Source: CCN
Type: Mac OS X 10.4.8 and Security Update 2006-006
About the security content of the Mac OS X 10.4.8 Update and Security Update 2006-006

Source: APPLE
Type: UNKNOWN
APPLE-SA-2006-09-29

Source: CCN
Type: RHSA-2006-0674
flash-plugin security update

Source: CCN
Type: SA21865
Adobe Flash Player Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
21865

Source: SECUNIA
Type: Vendor Advisory
22054

Source: CCN
Type: SA22187
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
22187

Source: CCN
Type: SA22882
Microsoft Windows Flash Player Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
22882

Source: CCN
Type: ASA-2006-192
flash-plugin security update (RHSA-2006-0674)

Source: CCN
Type: ASA-2006-253
Microsoft Security Bulletin Summary for November 2006 (MS06-66 - MS06-71)

Source: CCN
Type: Adobe Web site
Adobe Flash Player Download Center

Source: CCN
Type: Adobe Product Security Bulletin APSB06-11
Multiple Vulnerabilities in Adobe Flash Player 8.0.24.0 and Earlier Versions

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb06-11.html

Source: CCN
Type: US-CERT VU#168372
Adobe Flash Player allowScriptAccess protection bypass vulnerability

Source: CERT-VN
Type: US Government Resource
VU#168372

Source: CCN
Type: Microsoft Security Bulletin MS06-069
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:053

Source: OSVDB
Type: UNKNOWN
28734

Source: CCN
Type: OSVDB ID: 28734
Adobe Flash Player allowScriptAccess Protection Unspecified Bypass

Source: BID
Type: UNKNOWN
19980

Source: CCN
Type: BID-19980
Adobe Flash Player Multiple Remote Code Execution Vulnerabilities

Source: CCN
Type: TLSA-2006-26
Multiple vulnerabilities in flash-player

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA06-275A
Multiple Vulnerabilities in Apple and Adobe Products

Source: CERT
Type: US Government Resource
TA06-275A

Source: CERT
Type: US Government Resource
TA06-318A

Source: VUPEN
Type: UNKNOWN
ADV-2006-3573

Source: VUPEN
Type: UNKNOWN
ADV-2006-3577

Source: VUPEN
Type: UNKNOWN
ADV-2006-3852

Source: VUPEN
Type: UNKNOWN
ADV-2006-4507

Source: MS
Type: UNKNOWN
MS06-069

Source: XF
Type: UNKNOWN
flashplayer-allowscript-security-bypass(28887)

Source: XF
Type: UNKNOWN
flashplayer-allowscriptacces-security-bypass(28887)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:709

Source: SUSE
Type: SUSE-SA:2006:053
flash-player security problem

Vulnerable Configuration:

Configuration 1:

cpe:/a:adobe:flash_player:*:*:basic:*:*:*:*:*

OR cpe:/a:adobe:flash_player:8:*:pro:*:*:*:*:*

OR cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 8.0.24.0)

OR cpe:/a:adobe:flash_player:mx_2004:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:flash:professional:8:*:*:*:*:*:*

OR cpe:/a:adobe:flex_sdk:1.5:*:*:*:*:*:*:*

OR cpe:/a:macromedia:flash:*:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_xp:-:sp2:*:*:professional:*:x86:*

OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20064640	V	CVE-2006-4640	2015-11-16
oval:org.mitre.oval:def:709	V	Adobe Flash Player allowScriptAccess protection bypass vulnerability	2013-04-15

BACK