The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability CVE-2006-0024

Flash Player: code execution

Synthesis of the vulnerability

Several vulnerabilities in Macromedia Flash Player permit a remote attacker to execute code on the user's computer.
Severity of this alert: 3/4.
Creation date: 15/03/2006.
References for this alert: 913433, 916208, APSB06-03, BID-17106, CERTA-2006-AVI-114, CVE-2006-0024, MS06-020, RHSA-2006:026, RHSA-2006:0268-01, SUSE-SA:2006:015, SUSE-SR:2006:006, TLSA-2006-7, VIGILANCE-VUL-5687, VU#945060.

Description of the vulnerability

The Macromedia Flash Player plug-in adds dynamic features to web documents.

Adobe announced several vulnerabilities in Macromedia Flash Player. Their technical details are unknown.

These vulnerabilities permit a remote attacker to run code on the user's computer.

This weakness bulletin impacts software or systems such as Flash Player, IE, Windows 98, Windows ME, Windows XP, Firefox, Mozilla Suite, NLD, openSUSE, RHEL, TurboLinux.

Our Vigil@nce team determined that the severity of this computer weakness is important.

The trust level of this bulletin is "confirmed by the editor", and its origin is "document".

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat

Flash Player: versions 8.0.24.0 and 7.0.63.0.
Versions 7.0.63.0 and 8.0.24.0 are corrected:
  http://www.macromedia.com/go/getflash

Windows: solution for Flash Player.
Microsoft's announcement indicates the procedure to follow.
The VIGILANCE-SOL-9863 solution also corrects these vulnerabilities. The VIGILANCE-SOL-9178 solution is older.

RHEL: new flash-plugin packages.
New packages are available:
Red Hat Enterprise Linux version 3 Extras: flash-plugin-7.0.63-1.EL3
Red Hat Enterprise Linux version 4 Extras: flash-plugin-7.0.63-1.EL4

SUSE: new flash-player packages.
New packages are available:
   SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/flash-player-7.0.63.0-1.1.i586.rpm
         0c45a695373aac68f923b7a5ebcb4241
   SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/flash-player-7.0.63.0-1.1.i586.rpm
         bd8d78f4d2409521f994ca870698e50e
   SUSE LINUX 9.2:
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/flash-player-7.0.63.0-1.1.i586.rpm
         929136205231c24e4771ea0bbff9679b
   SUSE LINUX 9.1:
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/flash-player-7.0.63.0-1.2.i586.rpm
         dac8004a7507564f4b865bdbac8be214

SUSE: new ImageMagick, zoo packages.
New packages are available through YaST or FTP.

Turbolinux: new flash-player packages.
New packages are available:
   flash-player-7.0.63.0-1.src.rpm
      1001298 a08c2b01e18967b8949e85f1577fea4d
   flash-player-7.0.63.0-1.i586.rpm
      1021055 ef3d36fe1978c601cae7e0960a03b6b0
