Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:SWF:HEAP-OF

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Shockwave Flash Heap Overflow

Release Date

 2006/05/09

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Shockwave Flash Heap Overflow


This signature detects a Shockwave File (SWF) file containing malicious content. A memory allocation problem is at the root of the vulnerability. A successful exploit can lead to arbitrary remote code execution.

Extended Description

The Macromedia Flash plug-in is susceptible to multiple unspecified vulnerabilities. An attacker can potentially exploit these vulnerabilities to execute arbitrary code. The most likely vector of attack is through a malicious SWF file that has been designed to trigger the vulnerability and has been placed on a website. A denial-of-service condition may also occur. Versions of the Flash Player prior to 7.0.63.0 and 8.0.24.0 are vulnerable to these issues.

Affected Products

  • Apple Mac OS X 10.4.0
  • Apple Mac OS X 10.4.1
  • Apple Mac OS X 10.4.10
  • Apple Mac OS X 10.4.11
  • Apple Mac OS X 10.4.2
  • Apple Mac OS X 10.4.3
  • Apple Mac OS X 10.4.4
  • Apple Mac OS X 10.4.5
  • Apple Mac OS X 10.4.6
  • Apple Mac OS X 10.4.7
  • Apple Mac OS X 10.4.8
  • Apple Mac OS X 10.4.9
  • Apple Mac OS X 10.5
  • Apple Mac OS X 10.5.1
  • Apple Mac OS X Server 10.4.0
  • Apple Mac OS X Server 10.4.1
  • Apple Mac OS X Server 10.4.10
  • Apple Mac OS X Server 10.4.11
  • Apple Mac OS X Server 10.4.2
  • Apple Mac OS X Server 10.4.3
  • Apple Mac OS X Server 10.4.4
  • Apple Mac OS X Server 10.4.5
  • Apple Mac OS X Server 10.4.6
  • Apple Mac OS X Server 10.4.7
  • Apple Mac OS X Server 10.4.8
  • Apple Mac OS X Server 10.4.9
  • Apple Mac OS X Server 10.5
  • Apple Mac OS X Server 10.5.1
  • Gentoo Linux
  • Macromedia Breeze Meeting Add-In
  • Macromedia Flash 4.0.0 r12
  • Macromedia Flash 5.0.0
  • Macromedia Flash 5.0.0 R50
  • Macromedia Flash 6.0.0
  • Macromedia Flash 6.0.29 .0
  • Macromedia Flash 6.0.40 .0
  • Macromedia Flash 6.0.47 .0
  • Macromedia Flash 6.0.65 .0
  • Macromedia Flash 6.0.79 .0
  • Macromedia Flash 7.0.0 r19
  • Macromedia Flash 7.0.19 .0
  • Macromedia Flash 7.0.25 .0
  • Macromedia Flash 7.0.60 .0
  • Macromedia Flash 7.0.61 .0
  • Macromedia Flash 8.0.22 .0
  • Macromedia Flash MX 2004
  • Macromedia Flex 1.5.0
  • Macromedia Shockwave 1.0.0
  • Macromedia Shockwave 10.1.0.11
  • Macromedia Shockwave 2.0.0
  • Macromedia Shockwave 3.0.0
  • Macromedia Shockwave 4.0.0
  • Macromedia Shockwave 5.0.0
  • Macromedia Shockwave 6.0.0
  • Macromedia Shockwave 8.0.0
  • Macromedia Shockwave 8.5.1 r105
  • Macromedia Shockwave 8.5.1 r106
  • Microsoft Windows 98
  • Microsoft Windows 98SE
  • Microsoft Windows ME
  • Microsoft Windows XP
  • Microsoft Windows XP 64-bit Edition SP1
  • Microsoft Windows XP 64-bit Edition
  • Microsoft Windows XP 64-bit Edition Version 2003 SP1
  • Microsoft Windows XP 64-bit Edition Version 2003
  • Microsoft Windows XP Home SP1
  • Microsoft Windows XP Home SP2
  • Microsoft Windows XP Home
  • Microsoft Windows XP Media Center Edition SP1
  • Microsoft Windows XP Media Center Edition SP2
  • Microsoft Windows XP Media Center Edition
  • Microsoft Windows XP Professional SP1
  • Microsoft Windows XP Professional SP2
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Tablet PC Edition SP1
  • Microsoft Windows XP Tablet PC Edition SP2
  • Microsoft Windows XP Tablet PC Edition
  • Opera Software Opera Web Browser 8.0.0
  • Opera Software Opera Web Browser 8.0.0 1
  • Opera Software Opera Web Browser 8.0.0 2
  • Opera Software Opera Web Browser 8.50.0
  • Opera Software Opera Web Browser 8.51.0
  • Opera Software Opera Web Browser 8.52
  • Opera Software Opera Web Browser 8.53
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4
  • SuSE Linux Personal 10.0.0 OSS
  • SuSE Linux Personal 9.0.0
  • SuSE Linux Personal 9.0.0 X86 64
  • SuSE Linux Personal 9.1.0
  • SuSE Linux Personal 9.1.0 X86 64
  • SuSE Linux Personal 9.2.0
  • SuSE Linux Personal 9.2.0 X86 64
  • SuSE Linux Personal 9.3.0
  • SuSE Linux Personal 9.3.0 X86 64
  • SuSE Linux Professional 10.0.0 OSS
  • SuSE Linux Professional 9.0.0
  • SuSE Linux Professional 9.0.0 X86 64
  • SuSE Linux Professional 9.1.0
  • SuSE Linux Professional 9.1.0 X86 64
  • SuSE Linux Professional 9.2.0
  • SuSE Linux Professional 9.2.0 X86 64
  • SuSE Linux Professional 9.3.0
  • SuSE Linux Professional 9.3.0 X86 64

References

  • BugTraq: 17106
  • CVE: CVE-2006-0024
  • URL: http://www.microsoft.com/technet/security/bulletin/MS06-020.mspx

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out