CVE-2006-3311
Published 2006-09-12
Priority P432 · medium · 5.1 (CVSS 2.0)
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
16.61%
96.6th percentile
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | flash_player | <= 8.0.24.0 | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flex_sdk | — | — |
Detection & IOCs
- Exploit vector is a malicious SWF movie file containing a long, dynamically created string triggering a buffer overflow in Adobe Flash Player
- Vulnerability affects Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5; detections should target these specific versions
- CVE-2006-3014 is mentioned in the same Adobe advisory (APSB06-11) but only affects the Windows platform; scope detections accordingly
CVSS provenance
- nvd · v2.0 · 5.1 MEDIUM · AV:N/AC:H/Au:N/C:P/I:P/A:P
- vendor_redhat · 5.1 MEDIUM
GHSA
GHSA-gvvr-v2c3-c74r: Buffer overflow in Adobe Flash Player 8
ghsa_unreviewed·2022-05-01
Red Hat
security flaw
vendor_redhat·2006-09-12·CVSS 5.1
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-3311 security flaw
bugzilla·2018-08-16·CVSS 5.1
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
Bugzilla
CVE-2006-3311 Multiple flash-plug flaws (CVE-2006-3587 CVE-2006-3588)
bugzilla·2006-09-11·CVSS 5.1
Adobe notified us that a new Flash 7 player will be released on September 12th
to fix critical security flaws.
Multiple input validation errors have been identified in Flash
Player 8.0.24.0 and earlier versions that could lead to the
potential execution of arbitrary code. These vulnerabilities
could be accessed through content delivered from a remote
location via the user’s web browser, email client, or other
applications that include or reference the Flash
Player. (CVE-2006-3311, CVE-2006-3587, CVE-2006-3588)
CVE-2006-3014 is also mentioned in their advisory but only affects the Windows
platform.
Probably Affects: RHEL3 Extras
Probably Affects: RHEL4 Extras
Discussion:
removing embargo, this is now public at
http: