Secunia Security Advisory - Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system.
34e55a11537e07bca6140c70ac501d1d8f46bbd8aaa8d16e1e21fad56cdedd19
----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI
has been released. The new version includes many new and advanced
features, which makes it even easier to stay patched.
Download and test it today:
https://psi.secunia.com/
Read more about this new version:
https://psi.secunia.com/?page=changelog
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28083
VERIFY ADVISORY:
https://secunia.com/advisories/28083/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, System access
WHERE:
>From remote
REVISION:
1.1 originally posted 2008-04-09
SOFTWARE:
Adobe Flash Player 9.x
https://secunia.com/product/11901/
DESCRIPTION:
Some vulnerabilities have been reported in Adobe Flash Player, which
can be exploited by malicious people to bypass certain security
restrictions, conduct cross-site scripting attacks, or to potentially
compromise a user's system.
1) A boundary error exists in the processing of "Declare Function
(V7)" tags. This can be exploited to cause a heap-based buffer
overflow via specially crafted flags.
2) An integer overflow in the processing of multimedia files can be
exploited to cause a buffer overflow.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
3) Errors when pinning a hostname to an IP address can be exploited
to conduct DNS rebinding attacks.
This is related to vulnerability #3 in:
SA28161
4) An error when sending HTTP headers can be exploited to bypass
cross-domain policy files.
5) An error exists in the enforcing of cross-domain policy files.
This can be exploited to bypass certain security restrictions on web
servers hosting cross-domain policy files.
This is related to vulnerability #4 in:
SA28161
6) Input passed to unspecified parameters when handling e.g. the
"asfunction:" protocol is not properly sanitised before being
returned to the user. This can be exploited to inject arbitrary HTML
and script code in a user's browser session in context of an affected
site.
This is related to vulnerability #5 in:
SA28161
The vulnerabilities are reported in versions prior to 9.0.124.0.
SOLUTION:
Update to a fixed version.
-- Flash Player 9.0.115.0 and earlier --
Update to version 9.0.124.0.
https://www.adobe.com/go/getflash
-- Flash Player 9.0.115.0 and earlier - network distribution --
Update to version 9.0.124.0.
https://www.adobe.com/licensing/distribution
-- Flex 3.0 --
Update to version 9.0.124.0.
https://www.adobe.com/support/flashplayer/downloads.html#fp9
-- AIR 1.0 --
Update to version 1.0.1.
https://www.adobe.com/go/getair
PROVIDED AND/OR DISCOVERED BY:
1) Alin Rad Pop, Secunia Research. The vendor also credits Javier
Vicente Vallejo and Shane Macaulay, reported via ZDI.
2) Reported independently by:
* Mark Dowd, ISS X-Force.
* wushi of team509, reported via ZDI.
3) The vendor credits:
* Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong
Shao of Stanford University.
* Tom Gallagher, Microsoft.
4) Ernst and Young's Advanced Security Center.
5) Toshiharu Sugiyama of UBsecure, Inc. and JPCERT/CC.
6) Rich Cannings of the Google Security Team and Stefano Di Paola of
Minded Security.
CHANGELOG:
2008-04-09: Corrected vendor links in the "Solution" section.
ORIGINAL ADVISORY:
Adobe:
https://www.adobe.com/support/security/bulletins/apsb08-11.html
Secunia Research:
https://secunia.com/secunia_research/2007-103/
ZDI:
https://www.zerodayinitiative.com/advisories/ZDI-08-021/
ISS X-Force:
https://www.iss.net/threats/289.html
OTHER REFERENCES:
SA28161:
https://secunia.com/advisories/28161/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
https://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
https://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------