|
|
>> Adobe Flash Player Code Execution and Security Bypass Vulnerabilities
|
Multiple vulnerabilities have been identified in Adobe Flash Player, which could be exploited by remote attackers to bypass security restrictions, gain knowledge of sensitive information or take complete control of an affected system.
The first issue is caused by a buffer overflow error in the processing of "Declare Function (V7)" tags, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
The second vulnerability is caused by an integer overflow error when processing malformed SWF files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
The third issue is caused by an unspecified error when handling specially crafted Flash files, which could be exploited to conduct DNS rebinding attacks.
The fourth vulnerability is caused by an error when interpreting cross-domain policy files, which could be exploited to conduct privilege escalation attacks against web servers hosting Flash content and cross-domain policy files.
The fifth issue is caused by an error when processing HTTP headers, which could be exploited to bypass cross-domain policy restrictions.
The sixth vulnerability is caused by input validation errors in various APIs, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
Affected Products
Adobe Flash Player version 9.0.115.0 and prior
Adobe Flash Player version 8.0.39.0 and prior
Solution
Flash Player - Upgrade to version 9.0.124.0 :
http://www.adobe.com/go/getflash
Flash Player (network distribution) - Upgrade to version 9.0.124.0 :
http://www.adobe.com/licensing/distribution
Flex 3.0 - Upgrade to version 9.0.124.0 :
http://www.adobe.com/support/flashplayer/downloads.html#fp9
AIR 1.0 - Upgrade to version 1.0.1 :
http://www.adobe.com/go/getair
References
http://www.vupen.com/english/advisories/2008/1158
http://www.adobe.com/support/security/bulletins/apsb08-11.html
http://secunia.com/secunia_research/2007-103/advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-021/
http://www.iss.net/threats/289.html
Credits
Vulnerabilities reported by Alin Rad Pop (Secunia Research), Javier Vicente Vallejo, Shane Macaulay, Zero Day Initiative, Mark Dowd (ISS X-Force), wushi (team509), Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, Weidong Shao (Stanford University), Nathan McFeters and Rob Carter (Ernst and Young Advanced Security Center), Tom Gallagher (Microsoft), Toshiharu Sugiyama (UBsecure, Inc), JPCERT/CC, Rich Cannings (Google Security Team), and Stefano Di Paola (Minded Security).
ChangeLog
2008-04-09 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
