===================================================================== CERT-Renater Note d'Information No. 2006/VULN528 _____________________________________________________________________ DATE : 15/11/2006 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Windows XP running Macromedia Flash Player. ====================================================================== MS06-069 - Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789) Affected Software: - Microsoft Windows XP Service Pack 2 - Microsoft Windows XP Professional x64 Edition Full MS06-069 Advisory: - http://www.microsoft.com/technet/security/Bulletin/MS06-069.mspx Vulnerability Details Macromedia Flash Player Vulnerabilities: CVE-2006-3311, CVE-2006-3014, CVE-2006-3587, CVE-2006-3588 and CVE-2006-4640 Several remote code execution vulnerabilities exist in Macromedia Flash Player from Adobe because of the way that it handles Flash Animation (SWF) files. An attacker could exploit these vulnerabilities by constructing a specially crafted Flash Animation (SWF) file that could potentially allow remote code execution if a user visited a Web site containing the specially crafted SWF file. The specially crafted SWF file could also be sent as an e-mail attachment. A user would only be at risk if opening this e-mail attachment. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================