Vulnerability Note VU#474593
Adobe Flash Player fails to properly handle malformed SWF files
Adobe Flash Player fails to properly handle malformed SWF files resulting in a memory corruption vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.
Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. The SWF file format is used by Adobe Flash multimedia files. See the Adobe File Format Specification FAQ for more information on the SWF file format.
Adobe Flash Player fails to properly handle malformed SWF files. If a remote attacker can persuade a user to access a specially crafted SWF file, system memory may be corrupted in a way that may allow an attacker to execute arbitrary code.
A remote attacker with the ability to supply a specially crafted SWF file to a vulnerable host may be able to execute arbitrary code on that system. The attacker-supplied code would be executed with the privileges of the user opening the file.
Upgrade Flash Player
Disable Adobe Flash Player in your web browser
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Adobe||Affected||11 Jul 2006||13 Jul 2006|
|Microsoft Corporation||Affected||12 Jul 2006||14 Nov 2006|
|Apple Computer, Inc.||Unknown||12 Jul 2006||12 Jul 2006|
CVSS Metrics (Learn More)
This vulnerability was reported by Haifei Li of the Fortinet Security Research Team.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2006-3587
- Date Public: 10 Jul 2006
- Date First Published: 13 Jul 2006
- Date Last Updated: 14 Nov 2006
- Severity Metric: 34.02
- Document Revision: 65
If you have feedback, comments, or additional information about this vulnerability, please send us email.