
Adobe Flash

[FG-VD-10-020]Adobe Flash Player Remote Memory corruption Vulnerability


Fortinet Discovers Adobe Flash Player Vulnerability
2010.Nov.04

Summary:

    Fortinet's FortiGuard Labs has discovered a Memory corruption vulnerability in Adobe Flash Player (Flash10h.ocx), which may lead to arbitrary code execution or Denial of Service.

Adobe Flex 3.3 SDK DOM-Based XSS

==================================================
1. Summary
==================================================

Adobe Flex is a software development kit released by Adobe Systems for the development and deployment of cross-platform rich Internet applications based on the Adobe Flash platform.  An instance of a DOM-based Cross Site Scripting (XSS) vulnerability was found in the default index.template.html of the SDK, an HTML template used by FlexBuilder to generate the wrapper HTML for all the application files in your project.  The XSS vulnerability appears to affect all users that download and utilize this HTML wrapper.  You can find more information on DOM-based XSS here: http://www.owasp.org/index.php/DOM_Based_XSS

The vendor (Adobe Systems) was notified of this issue on June 29, 2009.  The vendor responded by releasing version 3.4 on August 19, 2009 and has also issued a security bulletin: http://www.adobe.com/support/security/bulletins/apsb09-13.html.



Multiple Flash Authoring Heap Overflows - Malformed SWF Files

 Vendor Website:  http://www.adobe.com

 Affected Versions:
 Adobe Flash Professional CS3/Flash MX2004

 Vendor Notified.     July 2008
 Public Disclosure.   October 16th 2008

 Researcher: Paul Craig - paul.craig <at> security-assessment.com

iDefense Security Advisory 08.09.11: Adobe Flash Player ActionScript Display Memory Corruption Vulnerability

http://labs.idefense.com/intelligence/vulnerabilities/
Aug 09, 2011

I. BACKGROUND

Adobe Flash Player is an application for viewing animations and movies
using computer programs such as a Web browser; in common usage, Flash
lets you put animation and movies on a website. Flash Player runs SWF
files that can be created by the Adobe Flash authoring tool, by Adobe
Flex, or by a number of other Macromedia and third-party tools. For more
information, please visit the following website:

iDefense Security Advisory 02.08.11: Adobe Flash Player ActionScript Memory Corruption Vulnerability

http://labs.idefense.com/intelligence/vulnerabilities/
Feb 08, 2011

I. BACKGROUND

Adobe Flash Player is an application for viewing animations and movies
using computer programs such as a Web browser; in common usage, Flash
lets you put animation and movies on a website. Flash Player runs SWF
files that can be created by the Adobe Flash authoring tool, by Adobe
Flex or by a number of other Macromedia and third party tools. For more
information, please visit the following website:

iDefense Security Advisory 02.08.11: Adobe Flash Player ActionScript Integer Overflow Vulnerability

http://labs.idefense.com/intelligence/vulnerabilities/
Feb 08, 2011

I. BACKGROUND

Adobe Flash Player is an application for viewing animations and movies
using computer programs such as a Web browser; in common usage, Flash
lets you put animation and movies on a website. Flash Player runs SWF
files that can be created by the Adobe Flash authoring tool, by Adobe
Flex or by a number of other Macromedia and third party tools. For more
information, please visit the following website:

iDefense Security Advisory 08.09.11: Adobe Flash Player Integer Overflow

http://labs.idefense.com/intelligence/vulnerabilities/
Aug 09, 2011

I. BACKGROUND

Adobe Flash Player is an application for viewing animations and movies
using computer programs such as a Web browser; in common usage, Flash
lets you put animation and movies on a website. Flash Player runs SWF
files that can be created by the Adobe Flash authoring tool, by Adobe
Flex, or by a number of other Macromedia and third-party tools. For more
information, please visit the following website:

[ GLSA 200804-21 ] Adobe Flash Player: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe Flash Player: Multiple vulnerabilities
      Date: April 18, 2008
      Bugs: #204344
        ID: 200804-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[security bulletin] HPSBMA02592 SSRT100300 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows Running Adobe Flash, Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Modification

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02549485
Version: 1

HPSBMA02592 SSRT100300 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows Running Adobe Flash, Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2010-10-18
Last Updated: 2010-10-18

iDefense Security Advisory 06.10.10: Adobe Flash Player Out Of Bounds Memory Indexing Vulnerability

http://labs.idefense.com/intelligence/vulnerabilities/
Jun 10, 2010

I. BACKGROUND

Adobe Flash Player is a very popular Web browser plugin. It is available
for multiple Web browsers and platforms, including Windows, Linux and
MacOS. Flash Player enables Web browsers to display rich multimedia
content, such as online videos, and is often a requirement for popular
websites. For more information, see the vendor's site at the following
link.

[ GLSA 200803-19 ] Apache: Multiple vulnerabilities

Impact
======

A remote attacker could entice a user to visit a malicious URL or send
specially crafted HTTP requests (i.e. using Adobe Flash) to perform
Cross-Site Scripting and HTTP response splitting attacks, or conduct a
Denial of Service attack on the vulnerable web server.

Workaround
==========

EUSecWest 2009 (May27/28) London Agenda and PacSec 2009 (Nov 4/5) Tokyo CFP deadline: June 1 2009

EUSecWest 2009 Speakers

Efficient UAK Recovery attacks against DECT
        - Ralf-Philipp Weinmann, University of Luxembourg
A year in the life of an Adobe Flash security researcher
        - Peleus Uhley, Adobe
Pwning your grandmother's iPhone
        - Charley Miller, Independent Security Evaluators
Post exploitation techniques on OSX and iPhone and other TBA matters.
        - Vincent Iozzo, Zynamics

CanSecWest 2008 PWN2OWN - Mar 26-28

11. Client Application list:

The fully patched client-side applications that qualify for a prize include:

.     Adobe PDF
.     Adobe Flash
.     Microsoft Silverlight
.     Microsoft Internet Explorer
.     Microsoft Outlook/Outlook Express
.     Firefox
.     Safari

[ GLSA 200908-04 ] Adobe products: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Adobe Reader and Adobe Flash Player allow
for attacks including the remote execution of arbitrary code.

Background
==========


Secunia Research: SWFTools Two Integer Overflow Vulnerabilities

Where:  Remote

====================================================================== 
3) Vendor's Description of Software 

"SWFTools is a collection of utilities for working with Adobe Flash
files (SWF files)."

Product Link:
http://www.swftools.org/


Adobe Flash Multiple Vulnerabilities

iSEC Partners Security Advisory - 2008-01-flash
--------------------------------------------

Adobe Flash Multiple Vulnerabilities

Vendor: Adobe, Inc.
Vendor URL: http://www.adobe.com
Versions affected: Flash Player 9.0.124.0 and earlier, 
        AIR 1.1, Flash CS4 Professional, Flash CS3 Professional, Flex 3 
Systems Affected: All platforms

iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Security Bypass Vulnerability

Microsoft's ATL and MFC. Although later versions of the ATL/MFC are
less vulnerable, certain conditions can trigger the same exploit
pattern.

Any code compiled with these libraries may also be vulnerable. Specific
controls compiled with vulnerable versions include Adobe Flash and
Sun's Java plug-in.

V. WORKAROUND

iDefense is currently unaware of any workarounds for this issue.

ASPR #2011-02-11-2: Remote Binary Planting in Adobe Flash Player

PUBLIC

=========================================================================
ACROS Security Problem Report #2011-02-11-2
-------------------------------------------------------------------------
ASPR #2011-02-11-2: Remote Binary Planting in Adobe Flash Player
=========================================================================

Document ID:     ASPR #2011-02-11-2-PUB
Vendor:          Adobe Systems, Inc. (http://www.adobe.com)
Target:          Adobe Flash Player 

ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player

PUBLIC

=========================================================================
ACROS Security Problem Report #2010-11-05-01
-------------------------------------------------------------------------
ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player
=========================================================================

Document ID:     ASPR #2010-11-05-01-PUB
Vendor:          Adobe Systems, Inc. (http://www.adobe.com)
Target:          Adobe Flash Player for Windows

[ GLSA 200801-07 ] Adobe Flash Player: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe Flash Player: Multiple vulnerabilities
      Date: January 20, 2008
   Updated: January 20, 2008
      Bugs: #193519
        ID: 200801-07:02


[ GLSA 200903-23 ] Adobe Flash Player: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe Flash Player: Multiple vulnerabilities
      Date: March 10, 2009
      Bugs: #239543, #251496, #260264
        ID: 200903-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

XSS Vulnerabilities in Common Shockwave Flash Files

Obscure of EyeonSecurity who thoroughly researched and pioneered every
attack we used.

Thanks to Autodemo, Infosoft, and Techsmith for quickly fixing this
issue. We also thank the Computer Emergency Response Team for
coordinating with the vendors to fix this issue, the Adobe Flash
player development teams for including some fixes in the player (we
hope to see more in the future), the Adobe Software Security
Engineering Team, and the Google Security Team for giving me time to
pursue this research and coauthor a book.



