Avis du CERT RENATER

Par défaut, cette page vous affichera les derniers messages envoyés par le CERT RENATER à la communauté. Vous pouvez affiner par année ou par type de message. Si aucun critère n'est précisé, seuls les derniers messages sont affichés
Date : Wed, 10 May 2006 10:16:31 +0200
Type : VULN
Sujet : CERT-Renater : 2006/VULN239 (Microsoft: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution)
====================================================================                                    CERT-Renater

                         Note d'Information No. 2006/VULN239
_____________________________________________________________________

DATE                      : 10/05/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows running Macromedia Flash Player.

======================================================================

MS06-020 - Vulnerabilities in Macromedia Flash Player from Adobe Could
Allow Remote Code Execution (913433)

Affected Software:
	- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP
	  Service Pack 2
	- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
	  and Microsoft Windows Millennium Edition (ME)

Non-Affected Software:
	- Microsoft Windows 2000 Service Pack 4
	- Microsoft Windows Server 2003 and Microsoft Windows
	  Server 2003 Service Pack 1
	- Microsoft Windows Server 2003 for Itanium-based Systems
	  and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
	- Microsoft Windows Server 2003 x64 Edition
	- Windows XP Professional x64 Edition

Full MS06-020 advisory:
http://www.microsoft.com/technet/security/Bulletin/MS06-020.mspx

Vulnerability Details
	
Flash Player Vulnerabilities - CVE-2006-0024, CVE-2005-2628:

	A remote code execution vulnerability exists in Macromedia
	Flash Player from Adobe because of the way that it handles
	Flash Animation (SWF) files. An attacker could exploit the
	vulnerability by constructing a specially crafted Flash Animation
	(SWF) file that could potentially allow remote code execution
	if a user visited a Web site containing the specially crafted
	SWF file or viewed an e-mail message containing the specially
	crafted SWF file as an attachment. An attacker who successfully
	exploited this vulnerability could take complete control of
	an affected system.

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================