|
 |
|
Adobe Flash Player Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA28083
|
|
|
Release Date:
|
2008-04-09
|
|
Last Update:
|
2008-04-28
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
Cross Site Scripting
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Adobe Flash Player 9.x
|
| | CVE reference: | CVE-2007-0071 (Secunia mirror)
CVE-2007-5275 (Secunia mirror)
CVE-2007-6019 (Secunia mirror)
CVE-2007-6243 (Secunia mirror)
CVE-2007-6637 (Secunia mirror)
CVE-2008-1654 (Secunia mirror)
CVE-2008-1655 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system.
1) A boundary error exists in the processing of "Declare Function (V7)" tags. This can be exploited to cause a heap-based buffer overflow via specially crafted flags.
2) An integer overflow in the processing of multimedia files can be exploited to cause a buffer overflow.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
3) Errors when pinning a hostname to an IP address can be exploited to conduct DNS rebinding attacks.
This is related to vulnerability #3 in:
SA28161
4) An error when sending HTTP headers can be exploited to bypass cross-domain policy files.
5) An error exists in the enforcing of cross-domain policy files. This can be exploited to bypass certain security restrictions on web servers hosting cross-domain policy files.
This is related to vulnerability #4 in:
SA28161
6) Input passed to unspecified parameters when handling e.g. the "asfunction:" protocol is not properly sanitised before being returned to the user. This can be exploited to inject arbitrary HTML and script code in a user's browser session in context of an affected site.
This is related to vulnerability #5 in:
SA28161
The vulnerabilities are reported in versions prior to 9.0.124.0.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Solution:
Update to a fixed version.
-- Flash Player 9.0.115.0 and earlier --
Update to version 9.0.124.0.
http://www.adobe.com/go/getflash
-- Flash Player 9.0.115.0 and earlier - network distribution --
Update to version 9.0.124.0.
http://www.adobe.com/licensing/distribution
-- Flex 3.0 --
Update to version 9.0.124.0.
http://www.adobe.com/support/flashplayer/downloads.html#fp9
-- AIR 1.0 --
Update to version 1.0.1.
http://www.adobe.com/go/getair
Provided and/or discovered by:
1) Alin Rad Pop, Secunia Research. The vendor also credits Javier Vicente Vallejo and Shane Macaulay, reported via ZDI.
2) Reported independently by:
* Mark Dowd, ISS X-Force.
* wushi of team509, reported via ZDI.
3) The vendor credits:
* Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong Shao of Stanford University.
* Tom Gallagher, Microsoft.
4) Ernst and Young's Advanced Security Center.
5) Toshiharu Sugiyama of UBsecure, Inc. and JPCERT/CC.
6) Rich Cannings of the Google Security Team and Stefano Di Paola of Minded Security.
Changelog:
2008-04-09: Corrected vendor links in the "Solution" section.
2008-04-28: Added link to US-CERT.
Original Advisory:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb08-11.html
Secunia Research:
http://secunia.com/secunia_research/2007-103/
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-021/
ISS X-Force:
http://www.iss.net/threats/289.html
Other References:
SA28161:
http://secunia.com/advisories/28161/
US-CERT VU#159523:
http://www.kb.cert.org/vuls/id/159523
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
3 Related Secunia Security Advisories
|
|
|
1. Adobe Flash Player Multiple Vulnerabilities
|
|
2. Adobe Flash Player Multiple Vulnerabilities
|
|
3. Adobe Flash Player CRLF Injection Vulnerabilities
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
