CVE-2006-3587
CVSS 5.1
Published: 2006-07-13 17:05:00
Last revised: 2011-03-07 00:00:00

[Original] Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.


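[CNNVD] Apple Mac OS improper memory injection error vulnerability (CNNVD-200607-222)

        Apple Mac OS X is the operating system used on Apple's family of machines.
        Multiple components of Apple Mac OS X contain vulnerabilities that an attacker may exploit to cause command execution or denial of service.
        A vulnerability exists in how Flash Player handles malformed SWF files; a remote attacker may exploit it to trigger improper memory injection errors.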
        
        

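- CVSS (base score)

CVSS score: 5.1 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]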

- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

oval:org.mitre.oval:def:1050  Flash Arbitrary Code Execution Vulnerability
oval:gov.nist.fdcc.patch:def:11536  MS06-069: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)
oval:gov.nist.USGCB.patch:def:11536  MS06-069: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)
*OVAL describes in detail how to detect this vulnerability; further technical details on detecting it can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3587
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3587
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-222
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/474593
(PATCH)  CERT-VN  VU#474593
http://www.us-cert.gov/cas/techalerts/TA06-318A.html
(UNKNOWN)  CERT  TA06-318A
http://xforce.iss.net/xforce/xfdb/27601
(PATCH)  XF  macromedia-swf-file-code-execution(27601)
http://secunia.com/advisories/20971
(VENDOR_ADVISORY)  SECUNIA  20971
http://www.vupen.com/english/advisories/2006/4507
(VENDOR_ADVISORY)  VUPEN  ADV-2006-4507
http://www.vupen.com/english/advisories/2006/3852
(VENDOR_ADVISORY)  VUPEN  ADV-2006-3852
http://www.vupen.com/english/advisories/2006/3577
(VENDOR_ADVISORY)  VUPEN  ADV-2006-3577
http://www.vupen.com/english/advisories/2006/3573
(VENDOR_ADVISORY)  VUPEN  ADV-2006-3573
http://www.vupen.com/english/advisories/2006/2702
(VENDOR_ADVISORY)  VUPEN  ADV-2006-2702
http://www.securityfocus.com/bid/19980
(UNKNOWN)  BID  19980
http://www.securityfocus.com/bid/18894
(UNKNOWN)  BID  18894
http://www.redhat.com/support/errata/RHSA-2006-0674.html
(UNKNOWN)  REDHAT  RHSA-2006:0674
http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html
(UNKNOWN)  SUSE  SUSE-SA:2006:053
http://www.microsoft.com/technet/security/bulletin/ms06-069.mspx
(UNKNOWN)  MS  MS06-069
http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-20.html
(VENDOR_ADVISORY)  MISC  http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-20.html
http://www.adobe.com/support/security/bulletins/apsb06-11.html
(UNKNOWN)  CONFIRM  http://www.adobe.com/support/security/bulletins/apsb06-11.html
http://securitytracker.com/id?1016829
(UNKNOWN)  SECTRACK  1016829
http://securitytracker.com/id?1016448
(UNKNOWN)  SECTRACK  1016448
http://security.gentoo.org/glsa/glsa-200610-02.xml
(UNKNOWN)  GENTOO  GLSA-200610-02
http://secunia.com/advisories/22882
(VENDOR_ADVISORY)  SECUNIA  22882
http://secunia.com/advisories/22268
(VENDOR_ADVISORY)  SECUNIA  22268
http://secunia.com/advisories/22187
(VENDOR_ADVISORY)  SECUNIA  22187
http://secunia.com/advisories/22054
(VENDOR_ADVISORY)  SECUNIA  22054
http://secunia.com/advisories/21901
(VENDOR_ADVISORY)  SECUNIA  21901
http://secunia.com/advisories/21865
(VENDOR_ADVISORY)  SECUNIA  21865
http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
(UNKNOWN)  APPLE  APPLE-SA-2006-09-29

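- Vulnerability information

Apple Mac OS improper memory injection error vulnerability
Medium risk  Insufficient information
2006-07-13 00:00:00 2006-09-27 00:00:00
Remote
        Apple Mac OS X is the operating system used on Apple's family of machines.
        Multiple components of Apple Mac OS X contain vulnerabilities that an attacker may exploit to cause command execution or denial of service.
        A vulnerability exists in how Flash Player handles malformed SWF files; a remote attacker may exploit it to trigger improper memory injection errors.


- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download link:
        http://www.apple.com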

- Vulnerability information

27113
Adobe Flash Player Unspecified Arbitrary Code Execution
Loss of Integrity
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2006-07-05 2006-06-09
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Adobe Flash Player Multiple Remote Code Execution Vulnerabilities
Design Error 19980
Yes No
2006-09-12 12:00:00 2008-05-14 08:55:00
Stuart Pearson of Computer Terrorism (UK) Ltd is credited with the discovery of this vulnerability.

- Affected software versions

Turbolinux Turbolinux FUJI
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 10.1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Nortel Networks Self-Service Peri NT Server 0
Nortel Networks Self-Service Peri IVR 0
Nortel Networks Enterprise Network Management System
Microsoft Windows XP Tablet PC Edition SP3
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Professional x64 Edition SP3
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional SP3
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP3
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP Embedded SP1
Microsoft Windows XP Embedded
Microsoft Windows XP 64-bit Edition Version 2003 SP1
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Macromedia Flex 1.5
Macromedia Flash Professional MX 2004
Macromedia Flash MX 2004 7.0.63.0
Macromedia Flash MX 2004
Macromedia Flash Basic 0
Macromedia Flash 8.0.24.0
Macromedia Flash 8.0.22.0
Macromedia Flash 7.0.63.0
Macromedia Flash 7.0.61.0
Macromedia Flash 7.0.60.0
Macromedia Flash 7.0.25.0
Macromedia Flash 7.0.19.0
Macromedia Flash 7.0 r19
Macromedia Flash 6.0.79.0
Macromedia Flash 6.0.65.0
Macromedia Flash 6.0.47.0
Macromedia Flash 6.0.40.0
Macromedia Flash 6.0.29.0
Macromedia Flash 6.0
Macromedia Flash 5.0 r50
Macromedia Flash 5.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 95 SR2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Macromedia Flash 4.0 r12
Gentoo net-www/netscape-flash 7.0.68
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.3.9
Apple Mac OS X Server 10.3.8
Apple Mac OS X Server 10.3.7
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.3.9
Apple Mac OS X 10.3.8
Apple Mac OS X 10.3.7
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3
Macromedia Flash 8.0.33.0
Macromedia Flash 7.0.68.0
Macromedia Flash 7.0.66.0
Macromedia Flash 6.0.88.0

- Unaffected software versions

Macromedia Flash 8.0.33.0
Macromedia Flash 7.0.68.0
Macromedia Flash 7.0.66.0
Macromedia Flash 6.0.88.0

- Vulnerability discussion

Adobe Flash Player is prone to multiple remote code-execution vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker could exploit this issue by creating a media file containing large, dynamically generated string data and submitting it to be processed by the media player.

These issues allow remote attackers to execute arbitrary machine code in the context of the user running the application. Other attacks are also possible.

Adobe Flash Player 8.0.24.0 and prior, Adobe Flash Professional 8, Flash Basic, Adobe Flash MX 2004, and Adobe Flex 1.5 are affected.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

The vendor has released a fix. Please see the references for more information.


Microsoft Windows XP Media Center Edition SP2

Macromedia Flash Basic 0

Microsoft Windows XP Tablet PC Edition SP2

Macromedia Flash MX 2004

Microsoft Windows XP Home SP2

Macromedia Flex 1.5

Apple Mac OS X Server 10.3.9

Apple Mac OS X 10.3.9

Apple Mac OS X 10.4

Apple Mac OS X Server 10.4

Apple Mac OS X 10.4.2

Apple Mac OS X Server 10.4.3

Apple Mac OS X 10.4.3

Apple Mac OS X Server 10.4.4

Apple Mac OS X 10.4.4

Apple Mac OS X Server 10.4.5

Apple Mac OS X 10.4.5

Apple Mac OS X Server 10.4.6

Apple Mac OS X Server 10.4.7

Apple Mac OS X 10.4.7

- Related references
