PT-2006-4204 · Adobe · Flash Mx 2004+3
Stuart Pearson
·
Published
2006-09-12
·
Updated
2018-10-18
·
CVE-2006-3311
CVSS v2.0
5.1
Medium
| Vector | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Adobe Flash Player versions 8.0.24.0 and earlier
Adobe Flash Professional version 8
Adobe Flash MX 2004
Adobe Flex version 1.5
Description
A buffer overflow issue allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
Recommendations
For Adobe Flash Player versions 8.0.24.0 and earlier, update to a version later than 8.0.24.0 to resolve the issue.
For Adobe Flash Professional version 8, consider disabling the creation of dynamically created strings in SWF movies until a patch is available.
For Adobe Flash MX 2004, restrict the use of long strings in SWF movies to minimize the risk of exploitation.
For Adobe Flex version 1.5, avoid using dynamically created strings in SWF movies until the issue is resolved.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Flash Mx 2004
Flash Player
Flash Professional
Flex