|
|
|
|
Macromedia Flash Player SWF File Handling Arbitrary Code Execution
|
|
Secunia Advisory:
|
SA17430
|
|
|
Release Date:
|
2005-11-05
|
|
Last Update:
|
2005-11-17
|
|
Popularity:
|
71,536 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Macromedia Flash Player 6.x
Macromedia Flash Player 7.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
| | CVE reference: | CVE-2005-2628
|
|
Description:
A vulnerability has been reported in Macromedia Flash Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to missing validation of the frame type identifier that is read from a SWF file. This value is used as an index in Flash.ocx to reference an array of function pointers. This can be exploited via a specially crafted SWF file to cause the index to reference memory that is under the attacker's control, which causes Flash Player to use attacker supplied values as function pointers.
The vulnerability also affects libflashplayer.so on the Unix platform.
Successful exploitation allows execution of arbitrary code.
The vulnerability has been reported in Flash Player version 7.0.19.0 and prior on the Windows platform, and in versions prior to 7.0.25.0 on the Unix platform.
Solution:
Update to Flash Player 8 (8.0.22.0) or apply Flash Player 7 update (7.0.61.0 or 7.0.60.0).
Flash Player 8 download:
http://www.macromedia.com/shockwave/d...ad.cgi?P1_Prod_Version=ShockwaveFlash
Flash Player 7 update:
http://www.macromedia.com/go/d9c2fe33
Provided and/or discovered by:
Independently discovered by:
* Fang Xing, eEye Digital Security.
* Bernhard Mueller, SEC Consult.
Changelog:
2005-11-07: Added link to "Original Advisory".
2005-11-08: Added information from SEC-Consult. Updated "Description" and "Original Advisory" sections.
2005-11-17: Added link to US-CERT vulnerability note.
Original Advisory:
Macromedia:
http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html
eEye Digital Security:
http://www.eeye.com/html/research/advisories/AD20051104.html
SEC-Consult:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038454.html
Other References:
US-CERT VU#146284:
http://www.kb.cert.org/vuls/id/146284
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
Today
|
New advisories:
|
6 |
|
New vulnerabilities:
|
24 |
|
Updated advisories:
|
8 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7th Oct, 2008
|
New advisories:
|
19 |
|
New vulnerabilities:
|
68 |
|
Updated advisories:
|
61 |
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
|
|
Send Feedback to Secunia
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
|
