|
Macromedia Flash Player SWF File Handling Arbitrary Code Execution
|
|
|
|
|
Secunia Advisory:
|
SA17430
|
|
|
Release Date:
|
2005-11-05
|
|
Last Update:
|
2005-11-17
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Macromedia Flash Player 6.x
Macromedia Flash Player 7.x
|
| | CVE reference: | CVE-2005-2628 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
A vulnerability has been reported in Macromedia Flash Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to missing validation of the frame type identifier that is read from a SWF file. This value is used as an index in Flash.ocx to reference an array of function pointers. This can be exploited via a specially crafted SWF file to cause the index to reference memory that is under the attacker's control, which causes Flash Player to use attacker supplied values as function pointers.
The vulnerability also affects libflashplayer.so on the Unix platform.
Successful exploitation allows execution of arbitrary code.
The vulnerability has been reported in Flash Player version 7.0.19.0 and prior on the Windows platform, and in versions prior to 7.0.25.0 on the Unix platform.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Solution:
Update to Flash Player 8 (8.0.22.0) or apply Flash Player 7 update (7.0.61.0 or 7.0.60.0).
Flash Player 8 download:
http://www.macromedia.com/shockwave/d...ad.cgi?P1_Prod_Version=ShockwaveFlash
Flash Player 7 update:
http://www.macromedia.com/go/d9c2fe33
Provided and/or discovered by:
Independently discovered by:
* Fang Xing, eEye Digital Security.
* Bernhard Mueller, SEC Consult.
Changelog:
2005-11-07: Added link to "Original Advisory".
2005-11-08: Added information from SEC-Consult. Updated "Description" and "Original Advisory" sections.
2005-11-17: Added link to US-CERT vulnerability note.
Original Advisory:
Macromedia:
http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html
eEye Digital Security:
http://www.eeye.com/html/research/advisories/AD20051104.html
SEC-Consult:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038454.html
Other References:
US-CERT VU#146284:
http://www.kb.cert.org/vuls/id/146284
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
10 Related Secunia Security Advisories
|
|
|
1. Adobe Flash Player Multiple Vulnerabilities
|
|
2. Adobe Flash Player Multiple Vulnerabilities
|
|
3. Adobe Flash Player CRLF Injection Vulnerabilities
|
|
4. Adobe Flash Player Multiple Vulnerabilities
|
|
5. Flash Player Unspecified Vulnerability and "addRequestHeader()" Bypass
|
|
6. Flash Player Unspecified Code Execution Vulnerabilities
|
|
7. Macromedia Flash Player Predictable Data Location Weakness
|
|
8. Macromedia Flash Player Potential Vulnerabilities
|
|
9. MacroMedia FlashPlayer buffer overrun affects browsers too
|
|
10. Macromedia Flash ActiveX Denial of Service
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
