Vulnerability Note VU#146284

Macromedia Flash Player fails to properly validate the frame type identifier read from a "SWF" file

Original Release date: 11 Nov 2005 | Last revised: 09 May 2006


A buffer overflow vulnerability in some versions of the Macromedia Flash Player may allow a remote attacker to execute code on a vulnerable system.


The Macromedia Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser.

Some versions of the Flash Player, specifically and earlier, contain an array bounds checking error in the way that they handle a frame type identifier read from the Flash (SWF) file. This error can results in a heap memory access vulnerability that could allow an attacker to execute arbitrary code. A maliciously crafted SWF that exploits this vulnerability could be supplied through a web page, for example.

Note that vulnerable versions of the Flash Player are provided with a number of versions of Microsoft Windows, Apple's Mac OS X, and some distributions of the Linux operating systems.


A remote attacker with the ability to supply a specially crafted SWF file to a vulnerable host may be able to execute arbitrary code on that system. The attacker-supplied code would be executed with the privileges of the user opening the file.


Apply a patch

Patches have been released in response to this issue. Please see the Systems Affected section of this document for more information.


Microsoft has published a number of workarounds for users of the affected products on Microsoft Windows platforms. Please see the Workarounds section of Microsoft Security Bulletin MS06-020 for more information.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Computer, Inc.Affected15 Nov 200509 May 2006
Gentoo LinuxAffected-28 Nov 2005
Macromedia, Inc.Affected15 Nov 200515 Nov 2005
Microsoft CorporationAffected15 Nov 200509 May 2006
Red Hat, Inc.Affected-11 Nov 2005
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



The CERT/CC credits eEye Digital Security and SEC Consult for reporting this vulnerability.

This document was written by Chad R Dougherty based on information provided by Macromedia, Inc. and eEye Digital Security.

Other Information

  • CVE IDs: CVE-2005-2628
  • Date Public: 07 Nov 2005
  • Date First Published: 11 Nov 2005
  • Date Last Updated: 09 May 2006
  • Severity Metric: 13.50
  • Document Revision: 19


If you have feedback, comments, or additional information about this vulnerability, please send us email.