Secunia Research: Microsoft Windows Flash Player Movie Unloading Vulnerability

====================================================================== 

                     Secunia Research 12/01/2010

   - Microsoft Windows Flash Player Movie Unloading Vulnerability -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

* Windows XP SP2 (bundled Flash Player 6.0.79).

NOTE: Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Highly critical
Impact: System compromise
Where:  Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in Flash Player 
distributed with certain versions of Windows XP, which can be 
exploited by malicious people to compromise a user's system.

The vulnerability is caused by a use-after-free error in the bundled
version of Flash Player when unloading Flash objects while these are 
still being accessed using script code. This can be exploited to 
corrupt memory via a specially crafted web page.

Successful exploitation allows execution of arbitrary code.
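
The lifetime rule that rules out this class of error, shown as an added example that is not code from Secunia, Microsoft or Adobe: a script handle holds its own reference, so unloading cannot free an object that script code can still reach. All names (movie_t, movie_unload, script_acquire and so on) are hypothetical and do not reflect Flash Player internals.

```c
/* Added illustration: hypothetical names, a model of the lifetime rule only. */
#include <stdlib.h>
#include <string.h>

typedef struct movie {
    int   refs;      /* host reference plus one per script handle */
    int   unloaded;  /* set once the host has unloaded the movie */
    char *frames;    /* resource released at unload time */
} movie_t;
static int destroyed;  /* number of movie structs actually freed */

movie_t *movie_load(void) {
    static const char sample[] = "frame-data";  /* constructed sample content */
    movie_t *m = calloc(1, sizeof *m);
    if (!m) return NULL;
    m->frames = malloc(sizeof sample);
    if (!m->frames) { free(m); return NULL; }
    memcpy(m->frames, sample, sizeof sample);
    m->refs = 1;  /* the host's own reference */
    return m;
}

static void movie_release(movie_t *m) {
    if (--m->refs == 0) { free(m); destroyed++; }
}
movie_t *script_acquire(movie_t *m) { m->refs++; return m; }
void script_release(movie_t *m) { movie_release(m); }

/* Unload frees resources and drops the host reference; the struct outlives it. */
void movie_unload(movie_t *m) {
    if (m->unloaded) return;
    m->unloaded = 1;
    free(m->frames); m->frames = NULL;
    movie_release(m);
}

/* Script-side access fails cleanly (-1) once the movie has been unloaded. */
int script_frame_length(const movie_t *m) {
    return (m->unloaded || !m->frames) ? -1 : (int)strlen(m->frames);
}

int main(void) {
    movie_t *m = movie_load(), *h;
    if (!m) return 1;
    h = script_acquire(m);
    movie_unload(m);  /* host unloads while the script still holds h */
    int rc = script_frame_length(h) == -1 ? 0 : 1;
    script_release(h);  /* last reference gone: struct is freed here */
    return rc;
}
```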

====================================================================== 
4) Solution 

Install the latest version of Adobe Flash Player.

====================================================================== 
5) Time Table 

18/10/2007 - Vendor notified.
18/10/2007 - Vendor response.
01/11/2007 - Microsoft states that the vulnerability is fixed by the 
             patches released in MS06-069.
02/11/2007 - Vendor informed that MS06-069 does not fix the 
             vulnerability, which was tested against a fully patched 
             system.
23/11/2007 - Vendor contacted (status update requested).
23/01/2008 - Vendor contacted (status update requested again).
05/02/2008 - Vendor informed that due to no response to status 
             requests an advisory will be published in two weeks.
05/02/2008 - Vendor response (vulnerability successfully reproduced 
             and asks for coordinated disclosure).
07/02/2008 - Vendor informed that disclosure will be coordinated.
18/03/2008 - Vendor provides status update.
02/05/2008 - Vendor provides status update (waiting for Adobe).
15/08/2008 - Status update requested.
19/08/2008 - Vendor provides status update (coordinating with Adobe).
15/06/2009 - Status update requested.
22/06/2009 - Vendor response (working on a solution).
20/11/2009 - Status update requested. Vendor also informed that 
             disclosure of the advisory won't be postponed for much 
             longer.
30/11/2009 - Status update requested again.
30/11/2009 - Vendor response (coordinating with Adobe on recommending
             users to install the latest version of Adobe Flash Player 
             instead).
07/12/2009 - Vendor informed that Secunia has scheduled the advisory
             for disclosure on 12th January 2010.
15/12/2009 - Vendor response (more time requested along with draft of
             Secunia advisory).
21/12/2009 - Draft of Secunia Research advisory sent to the vendor. 
             Vendor also informed that disclosure won't be postponed.
07/01/2010 - Vendor informs that an advisory will be released on 12th 
             January 2010 at the same time as the Secunia advisory is
             published.
12/01/2010 - Public disclosure.

====================================================================== 
6) Credits 

Discovered by Carsten Eiram and Dyon Balding, Secunia Research.

====================================================================== 
7) References

The Common Vulnerabilities and Exposures (CVE) project has not 
currently assigned a CVE identifier for the vulnerability.

====================================================================== 
8) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to help improve the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2007-77/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

