Title: Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability
Severity: HIGH
Description:
Adobe Flash Player is an application for playing Flash media files.
Flash Player is prone to a remote buffer-overflow vulnerability when processing SWF files with the 'DefineSceneAndFrameLabelData' tag (tag ID 0x56). The issue stems from an integer overflow when calculating pointers. Attackers can use this issue to write to arbitrary memory locations.
An attacker can exploit the issue by enticing an unsuspecting victim to open a specially crafted multimedia file with the vulnerable application.
Successful exploits will allow the attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Adobe Flash Player 9.0.115.0 and earlier versions are affected.
NOTE: This issue has been fixed in all versions of Adobe Flash Player 9.0.124.0.
Initial investigations suggested that the vulnerability had not been patched in the standalone Adobe Flash Player version 9.0.124.0 for Linux and the standalone Adobe Flash Player version 9.0.124.0 with debug capabilities for Microsoft Windows. The observed behavior that led to this initial conclusion has since been confirmed by Adobe as intended by design.
Affected Products:
Adobe AIR 1.0
Adobe Flash Basic 8
Adobe Flash CS3 Professional
Adobe Flash Player 8.0.34.0
Adobe Flash Player 8.0.35.0
Adobe Flash Player 9
Adobe Flash Player 9.0.115.0
Adobe Flash Player 9.0.28.0
Adobe Flash Player 9.0.31.0
Adobe Flash Player 9.0.45.0
Adobe Flash Player 9.0.47.0
Adobe Flash Player 9.0.48.0
Adobe Flash Player Plugin 8.0.0
Adobe Flash Player Plugin 9.0.16
Adobe Flash Player Plugin 9.0.18d60
Adobe Flash Player Plugin 9.0.20 .0
Adobe Flash Player Plugin 9.0.28 .0
Adobe Flash Player Plugin 9.0.31 .0
Adobe Flash Professional 8
Adobe Flex 3.0
Apple Mac OS X 10.4.11
Apple Mac OS X 10.5
Apple Mac OS X 10.5.1
Apple Mac OS X 10.5.2
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.5
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.5.2
Gentoo Linux
RedHat Enterprise Linux Desktop Supplementary 5 client
RedHat Enterprise Linux Extras 3
RedHat Enterprise Linux Extras 4
RedHat Enterprise Linux Supplementary 5 server
S.u.S.E. Linux 10.1 ppc
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Novell Linux Desktop 9
S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1
S.u.S.E. openSUSE 10.2
S.u.S.E. openSUSE 10.3
Sun OpenSolaris build snv_88
Sun Solaris 10.0
Sun Solaris 10.0_x86
Turbolinux FUJI
Turbolinux wizpy
References:
Adobe: APSB08-11 Flash Player update available to address security vulnerabilities
Adobe: Adobe Flash Homepage
Adobe: Adobe Homepage
Mark Dowd of X-Force IBM ISS: Application-Specific Attacks:Leveraging the ActionScript Virtual Machine
X-Force IBM ISS: FrequencyX Blog: Flash
Adobe: Install Adobe Flash Player
Dancho Danchev: Malware Attack Exploiting Flash Zero Day Vulnerability
Adobe: Potential Flash Player issue
Red Hat: RHSA-2008:0221-3: Critical: flash-plugin security update
Sun Microsystems: Solution 238305: Multiple Security Vulnerabilities in Flash Player for Solaris
US-CERT: VU#395473 - Adobe Flash player code execution vulnerability
US-CERT: Vulnerability Note VU#159523 Adobe Flash Player integer overflow vulnerability
Zero Day Initiative: ZDI-08-032: Adobe Flash DefineSceneAndFrameLabelData Parsing Memory Corruption
Severity: HIGH
Description:
Adobe Flash Player is an application for playing Flash media files.
Flash Player is prone to a remote buffer-overflow vulnerability when processing SWF files with the 'DefineSceneAndFrameLabelData' tag (tag ID 0x56). The issue stems from an integer overflow when calculating pointers. Attackers can use this issue to write to arbitrary memory locations.
An attacker can exploit the issue by enticing an unsuspecting victim to open a specially crafted multimedia file with the vulnerable application.
Successful exploits will allow the attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Adobe Flash Player 9.0.115.0 and earlier versions are affected.
NOTE: This issue has been fixed in all versions of Adobe Flash Player 9.0.124.0.
Initial investigations suggested that the vulnerability had not been patched in the standalone Adobe Flash Player version 9.0.124.0 for Linux and the standalone Adobe Flash Player version 9.0.124.0 with debug capabilities for Microsoft Windows. The observed behavior that led to this initial conclusion has since been confirmed by Adobe as intended by design.
Affected Products:
Adobe AIR 1.0
Adobe Flash Basic 8
Adobe Flash CS3 Professional
Adobe Flash Player 8.0.34.0
Adobe Flash Player 8.0.35.0
Adobe Flash Player 9
Adobe Flash Player 9.0.115.0
Adobe Flash Player 9.0.28.0
Adobe Flash Player 9.0.31.0
Adobe Flash Player 9.0.45.0
Adobe Flash Player 9.0.47.0
Adobe Flash Player 9.0.48.0
Adobe Flash Player Plugin 8.0.0
Adobe Flash Player Plugin 9.0.16
Adobe Flash Player Plugin 9.0.18d60
Adobe Flash Player Plugin 9.0.20 .0
Adobe Flash Player Plugin 9.0.28 .0
Adobe Flash Player Plugin 9.0.31 .0
Adobe Flash Professional 8
Adobe Flex 3.0
Apple Mac OS X 10.4.11
Apple Mac OS X 10.5
Apple Mac OS X 10.5.1
Apple Mac OS X 10.5.2
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.5
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.5.2
Gentoo Linux
RedHat Enterprise Linux Desktop Supplementary 5 client
RedHat Enterprise Linux Extras 3
RedHat Enterprise Linux Extras 4
RedHat Enterprise Linux Supplementary 5 server
S.u.S.E. Linux 10.1 ppc
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Novell Linux Desktop 9
S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1
S.u.S.E. openSUSE 10.2
S.u.S.E. openSUSE 10.3
Sun OpenSolaris build snv_88
Sun Solaris 10.0
Sun Solaris 10.0_x86
Turbolinux FUJI
Turbolinux wizpy
References:
Adobe: APSB08-11 Flash Player update available to address security vulnerabilities
Adobe: Adobe Flash Homepage
Adobe: Adobe Homepage
Mark Dowd of X-Force IBM ISS: Application-Specific Attacks:Leveraging the ActionScript Virtual Machine
X-Force IBM ISS: FrequencyX Blog: Flash
Adobe: Install Adobe Flash Player
Dancho Danchev: Malware Attack Exploiting Flash Zero Day Vulnerability
Adobe: Potential Flash Player issue
Red Hat: RHSA-2008:0221-3: Critical: flash-plugin security update
Sun Microsystems: Solution 238305: Multiple Security Vulnerabilities in Flash Player for Solaris
US-CERT: VU#395473 - Adobe Flash player code execution vulnerability
US-CERT: Vulnerability Note VU#159523 Adobe Flash Player integer overflow vulnerability
Zero Day Initiative: ZDI-08-032: Adobe Flash DefineSceneAndFrameLabelData Parsing Memory Corruption
0 comments:
Post a Comment