CVE-2005-2628
Published 2005-11-05
CVE-2005-2628: Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an…
Priority P4 · 32 · medium · 5.1 CVSS 2.0
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS: 6.76% (93.2th percentile)
Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| macromedia | flash_player | — | — |
| macromedia | flash_player | — | — |
| macromedia | flash_player | — | — |
| macromedia | flash_player | — | — |
| macromedia | flash_player | — | — |
| macromedia | flash_player | — | — |
| macromedia | flash_player | — | — |
| macromedia | flash_player | — | — |
CVSS provenance
nvd · v2.0 · 5.1 · MEDIUM · AV:N/AC:H/Au:N/C:P/I:P/A:P
vendor_redhat · 5.1 · MEDIUM
GHSA
GHSA-w2qj-7r9p-38pm: Macromedia Flash 6 and 7 (Flash
ghsa_unreviewed·2022-05-01
CVE-2005-2628 [MEDIUM] GHSA-w2qj-7r9p-38pm: Macromedia Flash 6 and 7 (Flash
Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.
GHSA
GHSA-97j6-6mvm-p2r4: Macromedia Flash plugin (1) Flash
ghsa_unreviewed·2022-05-01·CVSS 5.1
CVE-2005-3591 [MEDIUM] CWE-20 GHSA-97j6-6mvm-p2r4: Macromedia Flash plugin (1) Flash
Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628.
Red Hat
security flaw
vendor_redhat·2005-11-04·CVSS 5.1
CVE-2005-2628 [MEDIUM] security flaw
Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2005-2628 security flaw
bugzilla·2018-08-16·CVSS 5.1
CVE-2005-2628 [MEDIUM] CVE-2005-2628 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.
Bugzilla
CVE-2005-2628 Macromedia Flash buffer overflow
bugzilla·2005-11-08·CVSS 5.1
CVE-2005-2628 [MEDIUM] CVE-2005-2628 Macromedia Flash buffer overflow
Macromedia Flash buffer overflow
Macromedia has released Flash versions 7.0.61.0 and 7.0.60.0 which fix
a buffer overflow issue which could lead to arbitrary code execution.
http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html
Discussion:
Looks good from the functional testing I did.
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2005-835.html