Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:STREAM:FLASH-MEMORY

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Macromedia Flash Player Improper Memory Access

Release Date

 2010/09/23

Update Number

 1778

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Macromedia Flash Player Improper Memory Access


This signature detects attempts to exploit a known vulnerability against Macromedia Flash Player. A successful attack can lead to arbitrary code execution.

Extended Description

The Flash plug-in is vulnerable to an input-validation error that can be reliably exploited to execute arbitrary code. The vulnerability is due to an input-validation error for a critical array index value. An attacker can exploit this vulnerability to execute arbitrary code. The most likely vector of attack is through a malicious SWF file designed to trigger the vulnerability that has been placed on a website. Macromedia Flash 6 and 7 are reported affected.

Affected Products

  • Gentoo Linux
  • Macromedia Flash 6.0.0
  • Macromedia Flash 6.0.29 .0
  • Macromedia Flash 6.0.40 .0
  • Macromedia Flash 6.0.47 .0
  • Macromedia Flash 6.0.65 .0
  • Macromedia Flash 6.0.79 .0
  • Macromedia Flash 7.0.0 r19
  • Macromedia Flash 7.0.19 .0
  • Microsoft Windows 98
  • Microsoft Windows 98SE
  • Microsoft Windows ME
  • Microsoft Windows XP
  • Microsoft Windows XP 64-bit Edition SP1
  • Microsoft Windows XP 64-bit Edition
  • Microsoft Windows XP 64-bit Edition Version 2003 SP1
  • Microsoft Windows XP 64-bit Edition Version 2003
  • Microsoft Windows XP Home SP1
  • Microsoft Windows XP Home SP2
  • Microsoft Windows XP Home
  • Microsoft Windows XP Media Center Edition SP1
  • Microsoft Windows XP Media Center Edition SP2
  • Microsoft Windows XP Media Center Edition
  • Microsoft Windows XP Professional SP1
  • Microsoft Windows XP Professional SP2
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Tablet PC Edition SP1
  • Microsoft Windows XP Tablet PC Edition SP2
  • Microsoft Windows XP Tablet PC Edition
  • Netscape Browser 8.0.3 .3
  • Netscape Browser 8.0.4
  • SuSE Linux Personal 9.0.0
  • SuSE Linux Personal 9.0.0 X86 64
  • SuSE Linux Personal 9.1.0
  • SuSE Linux Personal 9.1.0 X86 64
  • SuSE Linux Professional 9.0.0
  • SuSE Linux Professional 9.0.0 X86 64
  • SuSE Linux Professional 9.1.0
  • SuSE Linux Professional 9.1.0 X86 64

References

  • BugTraq: 15332
  • CVE: CVE-2005-2628

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out