CVE-2005-3591

Name of the Vulnerable Software and Affected Versions Macromedia Flash plugin versions 7.0.19.0 and earlier (Windows) Macromedia Flash plugin libflashplayer.so versions prior to 7.0.25.0 (Unix)

Description The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file. This is due to an improper memory access condition.

Recommendations For Macromedia Flash plugin versions 7.0.19.0 and earlier (Windows), update to a version later than 7.0.19.0. For Macromedia Flash plugin libflashplayer.so versions prior to 7.0.25.0 (Unix), update to version 7.0.25.0 or later. As a temporary workaround, consider restricting the use of the ActionDefineFunction ActionScript call in SWF files until a patch is available.