exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New


Posted Sep 13, 2006
Authored by Stuart Pearson

Adobe Flash Player versions and below, Adobe Flash Professional 8, Flash Basic, Adobe Flash MX 2004, and Adobe Flex 1.5 suffer from a remote code execution vulnerability through the simple invocation of a maliciously constructed web page.

tags | advisory, remote, web, code execution
SHA-256 | c2e62732e89a3add14dd48ce53da3fbb131196dafa28c9ee09bbf5a3edb3beb8


Change Mirror Download
Computer Terrorism  (UK) :: Incident Response Centre


Security Advisory: CT12-09-2006

Adobe/Macromedia Flash Player - Remote Code Execution

Advisory Date: 12th, September 2006

Severity: Critical
Impact: Remote System Access
Solution Status: Vendor Patch

CVE Reference: CVE-2006-3311

Affected Software

Adobe Flash Player and earlier versions
Adobe Flash Professional 8, Flash Basic
Adobe Flash MX 2004
Adobe Flex 1.5

Note: All OS Platforms are vulnerable


Adobe/Macromedia Flash Player is the world's most ubiquitous Browser plug-in
for Microsoft, Mozilla and Apple technologies. The plug-in claims to facilitate
high-impact web interfaces and interactive online advertising for circa 98% of
desktops globally.

Unfortunately, it transpires that Adobe Flash Player is prone to a remote
arbitrary code execution vulnerability, that allows an attacker to gain
control of a target system through the simple invocation of a maliciously
constructed web page.


The vulnerability originates out of Flash's failure to sufficiently handle
large dynamically generated strings at run time. As a result, it is possible
(using rudimentary Action Script) to create a .swf movie in such a way that
when processed by the Plug-in, will overwrite system memory at an explicit

More specifically, the aforementioned location can (with a certain degree of
accuracy) be attacker controlled via the direct manipulation of the overall
length of the generated string.

The net result is that of a partially controllable condition, which opens the
door to a multitude of differing exploitation vectors, including but not
limited to heap/stack overwrites, and/or 3rd party race conditions.


Computer Terrorism (UK) can confirm the un-disclosed production of a reliable
multi-platform & multi-browser Web based Proof-Of-Concept (PoC). Such an
exploit could be used in a web-based attack scenario, where unsuspecting
users are lured to a maliciously constructed website.

Users that have not already done so are strongly advised to upgrade to the latest
version of Flash Player or apply the appropriate fix for their particular version.


The vendor security bulletin and corresponding patches are available at the
following location:



12/05/2006 Preliminary Vendor notification.
18/05/2006 Vulnerability confirmed in pre-release Flash 9, and earlier versions
28/06/2006 Flash Player 9 released (Fixed)
31/07/2006 Public Disclosure Deferred by Vendor.
12/09/2006 Coordinated public release.

Total Time to Fix: 4 months (123 days)


The vulnerability was discovered by Stuart Pearson of Computer Terrorism (UK) Ltd

About Computer Terrorism

Computer Terrorism (UK) Ltd is a global provider of Digital Risk Intelligence services.
Our unique approach to vulnerability risk assessment and mitigation has helped protect
some of the worlds most at risk organisations.

Headquartered in London, Computer Terrorism has representation throughout Europe &
North America and can be reached at +44 (0) 870 250 9866 or email:-

sales [at] computerterrorism.com

To learn more about our services and to register for a FREE comprehensive website
penetration test, visit: http:/www.computerterrorism.com

Computer Terrorism (UK) :: Protection for a vulnerable world.

Login or Register to add favorites

File Archive:

June 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    18 Files
  • 2
    Jun 2nd
    13 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By