CVE-2005-2628 — Improper Input Validation in Flash Player

CWE-20 — Improper Input Validation9 documents5 sources

Severity

7.5HIGHNVD

NVD5.1CNA5.1

EPSS

32.7%

top 3.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Macromedia Flash Player

Timeline

PublishedNov 5

Latest updateMay 1

Description

Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDmacromedia/flash_player8 versions+7

Patches

Patch: www.macromedia.com ↗Patch: www.securityfocus.com ↗Patch: www.macromedia.com ↗

🔴Vulnerability Details

GHSA

GHSA-w2qj-7r9p-38pm: Macromedia Flash 6 and 7 (Flash↗2022-05-01

▶

GHSA

GHSA-97j6-6mvm-p2r4: Macromedia Flash plugin (1) Flash↗2022-05-01

▶

CVEList

CVE-2005-3591: Macromedia Flash plugin (1) Flash↗2005-11-16

▶

CVEList

CVE-2005-2628: Macromedia Flash 6 and 7 (Flash↗2005-11-05

▶

📋Vendor Advisories

Red Hat

security flaw↗2005-11-04

▶

💬Community

Bugzilla

CVE-2005-2628 security flaw↗2018-08-16

▶

Bugzilla

CVE-2005-2628 Macromedia Flash buffer overflow↗2005-11-08

▶