Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Adobe Flash Player Multiple Vulnerabilities

-

Release Date:  2009-07-23    Last Update:  2009-08-10    Views:  112,436

Secunia Advisory SA35948

Where:

From remote

Impact:

Security Bypass, Exposure of sensitive information, System access

Solution Status:

Vendor Patch

CVE Reference(s):

Description


Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system.

1) An unspecified error can be exploited to corrupt memory and execute arbitrary code via specially crafted SWF content.

2) The control has been built using a vulnerable version of ATL, which may be exploited to disclose memory content, bypass security features like kill-bits, and corrupt memory to execute arbitrary code when used in Internet Explorer.

For more information:
SA35967

3) An unspecified error can be exploited to gain escalated privileges.

4) A use-after-free error when parsing Shockwave Flash files may cause references to remain pointing to a deleted object, which can be exploited to corrupt memory.

5) An unspecified error may lead to a "null pointer vulnerability".

6) An unspecified error may lead to a "stack overflow vulnerability".

7) A click-jacking error can be exploited to trick a user into unknowingly click a link or dialog.

8) An error in the parsing of URLs can be exploited to cause a heap-based buffer overflow.

9) An integer overflow error in the AVM2 abcFile parser when handling the "intrf_count" value of the "instance_info" structure can be exploited to corrupt memory and execute arbitrary code.

10) An error in the local sandbox can be exploited to gain knowledge of sensitive information when a SWF is saved to the hard drive.


Solution:
Update to Flash Player 9.0.246.0 or 10.0.32.18 and Adobe AIR version 1.5.2.

Further details available to Secunia VIM customers

Provided and/or discovered by:
1) Reported as a 0-day (the vendor also credits lakehu, Tencent Security Center).
2) David Dewey of IBM ISS X-Force, Ryan Smith of iDefense Labs, and Microsoft Vulnerability Research Program.
3) The vendor credits Mike Wroe.
4) Reported by an anonymous person via iDefense.
5,6) The vendor credits Chen Chen, Venustech.
7) The vendor credits Joran Benker.
8) Jun Mao, iDefense Labs.
9) Roee Hay, IBM Rational Application Security.
10) The vendor credits Microsoft Vulnerability Research Program (MSVR).

Original Advisory:
Adobe:
http://www.adobe.com/support/security/advisories/apsa09-03.html
http://www.adobe.com/support/security/advisories/apsa09-04.html
http://www.adobe.com/support/security/bulletins/apsb09-10.html

Roee Hay:
http://roeehay.blogspot.com/2009/07/adobe-flash-player-integer-overflow.html
http://roeehay.blogspot.com/2009/08/advisory-adobe-flash-player-avm2.html
http://roeehay.blogspot.com/2009/08/exploitation-of-cve-2009-1869.html

iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=816
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=818

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Adobe Flash Player Multiple Vulnerabilities

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability