First published: Sat Nov 05 2005(Updated: )
Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Flash Player | =6.0 | |
Adobe Flash Player | =6.0.29.0 | |
Adobe Flash Player | =6.0.40.0 | |
Adobe Flash Player | =6.0.47.0 | |
Adobe Flash Player | =6.0.65.0 | |
Adobe Flash Player | =6.0.79.0 | |
Adobe Flash Player | =7.0.19.0 | |
Adobe Flash Player | =7.0_r19 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2005-2628 is considered critical due to the potential for remote code execution.
To mitigate CVE-2005-2628, upgrade to a patched version of Macromedia Flash Player that addresses this vulnerability.
CVE-2005-2628 affects Macromedia Flash Player versions 6.0.x and 7.0.x.
Exploitation of CVE-2005-2628 may result in arbitrary code execution on affected systems.
Users of Macromedia Flash Player versions 6 and 7, particularly those who open malicious SWF files, are vulnerable to CVE-2005-2628.