
CERT Coordination Center

Macromedia Flash Player fails to properly validate the frame type identifier read from a "SWF" file

Vulnerability Note VU#146284

Original Release Date: 2005-11-11 | Last Revised: 2006-05-09

Overview

A buffer overflow vulnerability in some versions of the Macromedia Flash Player may allow a remote attacker to execute code on a vulnerable system.

Description

The Macromedia Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser.

Some versions of the Flash Player, specifically 7.0.53.0 and earlier, contain an array bounds checking error in the way that they handle a frame type identifier read from the Flash (SWF) file. This error can result in a heap memory access vulnerability that could allow an attacker to execute arbitrary code. A maliciously crafted SWF that exploits this vulnerability could be supplied through a web page, for example.
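
The class of error described above, a type identifier read from a file and used as an array index, is shown below with the bounds check in place. This is an added example, not Flash Player code and not part of the original note; the record layout, table size and function names are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record layout (an assumption, not the SWF format):
 *   byte 0: type identifier, byte 1: payload length, then the payload. */
enum { TYPE_COUNT = 4 };

typedef int (*handler_fn)(const uint8_t *payload, size_t len);

static int handle_noop(const uint8_t *p, size_t n) { (void)p; (void)n; return 0; }
static int handle_sum(const uint8_t *p, size_t n)
{
    int s = 0;
    for (size_t i = 0; i < n; i++) s += p[i];
    return s;
}

/* Fixed-size dispatch table indexed by the type identifier from the file. */
static const handler_fn handlers[TYPE_COUNT] = {
    handle_noop, handle_sum, handle_noop, handle_sum
};

/* Walk every record in buf. Returns the number of records dispatched,
 * or -1 if the input is rejected. */
int parse_records(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;
    while (off < len) {
        if (len - off < 2) return -1;      /* truncated record header */
        uint8_t type = buf[off];
        size_t plen = buf[off + 1];
        off += 2;
        /* Without this check, handlers[type] reads past the end of the
         * table for any type >= TYPE_COUNT chosen by the file's author. */
        if (type >= TYPE_COUNT) return -1;
        if (plen > len - off) return -1;   /* payload would overrun buf */
        handlers[type](buf + off, plen);
        off += plen;
        count++;
    }
    return count;
}

int main(void)
{
    const uint8_t sample[] = {1, 2, 0x10, 0x20, 200, 0}; /* constructed */
    printf("%d\n", parse_records(sample, sizeof sample));
    return 0;
}
```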

Note that vulnerable versions of the Flash Player are provided with a number of versions of Microsoft Windows, Apple's Mac OS X, and some distributions of the Linux operating system.

Impact

A remote attacker with the ability to supply a specially crafted SWF file to a vulnerable host may be able to execute arbitrary code on that system. The attacker-supplied code would be executed with the privileges of the user opening the file.

Solution

Apply a patch

Patches have been released in response to this issue. Please see the Systems Affected section of this document for more information.

Workarounds


Microsoft has published a number of workarounds for users of the affected products on Microsoft Windows platforms. Please see the Workarounds section of Microsoft Security Bulletin MS06-020 for more information.

Vendor Information


CVSS Metrics

Group Score Vector
Base 0 AV:--/AC:--/Au:--/C:--/I:--/A:--
Temporal 0 E:ND/RL:ND/RC:ND
Environmental 0 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Acknowledgements

The CERT/CC credits eEye Digital Security and SEC Consult for reporting this vulnerability.

This document was written by Chad R Dougherty based on information provided by Macromedia, Inc. and eEye Digital Security.

Other Information

CVE IDs: CVE-2005-2628
Severity Metric: 13.50
Date Public: 2005-11-07
Date First Published: 2005-11-11
Date Last Updated: 2006-05-09 18:23 UTC
Document Revision: 21

Sponsored by CISA.