Description: Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to gain knowledge of sensitive information or compromise a user's system.
1) A boundary error when processing FLV files can be exploited to cause a buffer overflow via an FLV file with a specially crafted DataObject section.
Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.
The vulnerability affects versions 9.0.45.0 and prior.
2) An error within the interaction of Flash Player and certain browsers can be exploited to leak key presses to a Flash Player applet.
The vulnerability affects versions 7.0.69.0 and prior on Linux and Solaris. It does not affect Flash Player 9.
A bug has also been reported in the validation of the HTTP Referer in versions 8.0.34.0 and prior, which may aid in e.g. CSRF (Cross-Site Request Forgery) attacks.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Flash Player version 7.0.70.0 for Linux and Solaris reportedly fixes vulnerability #2 for Opera and Konqueror browsers.
Provided and/or discovered by: 1) Stefano Di Paola and Giorgio Fedon, Minded Security.
2) The vendor credits Mark Hills.
Changelog: 2007-07-11: Updated "Solution" section and added additional affected products.
2007-07-12: Added link to US-CERT.
2007-07-13: Added link to US-CERT.
2007-07-16: Updated "Description" section and added link from Minded Security.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
