CVE-2005-3591

Macromedia Flash Player - Improper Input Validation

Title source: rule

Description

Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BassReFLeX · cdosmultiple

https://www.exploit-db.com/exploits/1331

View Code ZIP pw:eip

References (13)

[Vendor Advisory] http://secunia.com/advisories/17738/

[Vendor Advisory] http://secunia.com/advisories/17626/

[Vendor Advisory] http://www.vupen.com/english/advisories/2005/2317

[Exploit, Patch] http://www.securityfocus.com/bid/15334

[Mailing List] http://marc.info/?l=bugtraq&m=113140426614670&w=2

[Vendor Advisory] http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html

[Vendor Advisory] http://secunia.com/advisories/17481/

[Exploit, Patch, Vendor Advisory] http://www.sec-consult.com/226.html

[Third Party Advisory] http://securityreason.com/securityalert/149

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/23022

[Patch, Vendor Advisory] http://secunia.com/advisories/17430/

[Vendor Advisory] http://www.microsoft.com/technet/security/advisory/910550.mspx

[Vendor Advisory] http://secunia.com/advisories/17437/

Scores

EPSS 0.4113

EPSS Percentile 97.4%

Details

CWE

CWE-20

Status published

Products (8)

macromedia/flash_player 6.0

macromedia/flash_player 6.0.29.0

macromedia/flash_player 6.0.40.0

macromedia/flash_player 6.0.47.0

macromedia/flash_player 6.0.65.0

macromedia/flash_player 6.0.79.0

macromedia/flash_player 7.0.19.0

macromedia/flash_player 7.0_r19

Published Nov 16, 2005

Tracked Since Feb 18, 2026