MS06-020, CVE-2006-0024, CVE-2005-2628
Macromedia Flash Player Remote Code Execution
Adobe Security Bulletin ASPB06-03
Adobe Security Bulletin MPSB05-07
CVE-2006-0024 and CVE-2005-2628
This bulletin addresses flaws in older versions of Adobe's flash player.
Both have been fixed for a while by Adobe. In case you haven't yet, this
is your last chance to update the Adobe Flash player.
MS06-020 patched this vulnerability as well. However, it only patched
Flash Player 7 (or 8). If a user had initially Flashplayer 6 installed,
MS06-020 was not applied. As a result, a user may have installed 7 or 8
later, and ended up vulnerable as a result. See the KB article above for
The "safe" version is 126.96.36.199 (this is currently the most recent version).
The vulnerability is exploited by viewing a crafted Flash animation.
Such an animation could be delivered via a web page, and e-mail message
or other means (P2P, Instant Messenger). If exploited, any arbitrary
command could be executed using the same privileges of the user viewing
This patch should be applied fast on all desktops. You may be able to
wait a bit on servers, or you could just uninstall the flash player on
servers (if you never use them to browse).
(Thanks Johannes for the write-up!)
May 9th 2006
1 decade ago