Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-3591 — Improper Input Validation in Flash Player

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGHNVD

CNA5.1

EPSS

41.1%

top 2.61%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Macromedia Flash Player

Timeline

PublishedNov 16

Latest updateMay 1

Description

Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmacromedia/flash_player8 versions+7

Patches

Patch: secunia.com ↗Patch: www.sec-consult.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-97j6-6mvm-p2r4: Macromedia Flash plugin (1) Flash↗2022-05-01

▶

CVEList

CVE-2005-3591: Macromedia Flash plugin (1) Flash↗2005-11-16

▶

💥Exploits & PoCs

Exploit-DB

Macromedia Flash Plugin 7.0.19.0 - 'action' Denial of Service↗2005-11-18

▶