Flash Player swf Processing Multiple Unspecified Code Execution (APSB06-03)

medium Nessus Plugin ID 21079

Synopsis

The remote Windows host contains a browser plugin that is affected by several critical flaws.

Description

According to its version number, the instance of Flash Player on the remote Windows host contains multiple critical and as-yet unspecified vulnerabilities that could allow an attacker to take control of the affected host. To exploit these issues, a user must load a malicious SWF file in Flash Player.

Solution

Upgrade to Flash Player version 8.0.24.0 / 7.0.63.0 or later.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2006/ms06-020

https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2006/916208

http://www.nessus.org/u?a9eff3e8

Plugin Details

Severity: Medium

ID: 21079

File Name: flash_player_apsb06-03.nasl

Version: 1.26

Type: local

Agent: windows

Family: Windows

Published: 3/15/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:adobe:flash_player

Required KB Items: SMB/Flash_Player/installed

Exploit Ease: No known exploits are available

Patch Publication Date: 11/15/2006

Vulnerability Publication Date: 3/15/2006

Reference Information

CVE: CVE-2006-0024

BID: 17106

MSFT: MS06-020

MSKB: 323166