Info

Disclosure

Sep 12, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Nov 14, 2006

Description

Adobe Flash Player contains a flaw that may allow a malicious user to bypass certain security restrictions. The issue is triggered due to an unspecified error. It is possible that the flaw may allow bypassing the 'allowScriptAccess' option resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Attack Type Unknown
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 9.0.16.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Adobe Systems Incorporated

Flash Player

8.0.24

References

Bugtraq ID: 19980
CVE ID: 2006-4640 (see also: NVD)
Secunia Advisory ID: 21865 22054 22882
SCIP VulDB ID: 2524
Related OSVDB ID: 27113 27507 28732 28733
ISS X-Force ID: 28887
Microsoft Knowledge Base Article: 923789
VUPEN Advisory: ADV-2006-3573
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=304460
http://lists.suse.com/archive/suse-security-announce/2006-Sep/0007.html
http://www.adobe.com/support/security/bulletins/apsb06-11.html
Vendor Specific News/Changelog Entry: http://www.microsoft.com/technet/security/advisory/925143.mspx
Microsoft Security Bulletin: MS06-069

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/28734