CERT-In Advisory CIAD-2008-23
Multiple Remote Code Execution Vulnerabilities in Adobe Flash Player

Original issue date: April 25, 2008

Severity Rating: High

Systems Affected

•  Adobe Flash Player 9.0.115.0 and earlier
•  Adobe Flash Player 8.0.39.0 and earlier

Overview

Multiple vulnerabilities exist in the way Adobe Flash Player handles .swf files. A remote attacker could exploit these vulnerabilities to execute arbitrary code and take control of the vulnerable system.

Description

1. Adobe Flash Player Invalid Pointer Bug Vulnerability (CVE-2007-0071)

This vulnerability is caused by an input validation error in Adobe Flash Player while processing multimedia files. An attacker could exploit it by enticing a user to open a specially crafted multimedia file. Opening the file may cause a buffer overflow and allow a remote attacker to execute arbitrary code.

2. Adobe Flash Player “DeclareFunction2 ActionScript” Tag Vulnerability (CVE-2007-6019)

This vulnerability is caused by a boundary error in Adobe Flash Player while processing "Declare Function (V7)" tags that are not properly instantiated. An attacker could exploit it by enticing a user to open a specially crafted SWF file with a modified “DeclareFunction2 ActionScript” tag. Opening the file may cause a heap overflow and allow a remote attacker to execute arbitrary code.

3. Adobe Flash Player DNS Rebinding Attacks Vulnerability (CVE-2008-1655, CVE-2007-5275)

This vulnerability is caused by an error in Adobe Flash Player when pinning a hostname to an IP address. A remote attacker could exploit it by enticing a user to open a specially crafted SWF file. Opening the file sends HTTP headers to an arbitrary domain, resulting in a DNS rebinding attack that sends messages to a UPnP control point.

4. Adobe Flash Player Cross-Domain Policy CSRF Attacks Vulnerability (CVE-2008-1654)

This vulnerability is caused by a failure of the cross-domain policy file check in Adobe Flash Player when sending HTTP headers to another domain. An attacker could exploit it by enticing a user to open a specially crafted SWF file. Opening the file sends malformed HTTP headers to another domain and allows the attacker to bypass cross-domain policy files.

5. Adobe Flash Player Cross-Domain Policy Privilege Escalation Vulnerability (CVE-2007-6243)

This vulnerability is caused by insufficient restrictions on the interpretation and usage of cross-domain policy files in Adobe Flash Player. An attacker could exploit it to conduct privilege escalation attacks against target web servers hosting Flash content and cross-domain policy files.

6. Adobe Flash Player SWFs Cross-Site Scripting Vulnerabilities in Dreamweaver and Acrobat (CVE-2007-6637)

This vulnerability is caused by an error in Adobe Flash Player when processing SWF files. An attacker could exploit it by enticing a user to open a specially crafted SWF file. Opening the file would allow the attacker to steal cookie-based authentication credentials and to launch other attacks in the context of an affected site.


Solution

Update Adobe Flash Player to version 9.0.124.0
http://www.adobe.com/support/flashplayer/downloads.html#fp9
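
To find hosts that still need this update, the version bounds listed under Systems Affected and Solution can be applied to an inventory of installed player versions. The following is an added example, not part of the CERT-In advisory or Adobe's tooling; the hostnames and readings are constructed, and treating the two "and earlier" bounds as per-branch limits (with anything in between reported as "unlisted") is an assumption.

```python
import re

# Version bounds taken from the advisory text.
AFFECTED_9_MAX = (9, 0, 115, 0)   # "9.0.115.0 and earlier"
AFFECTED_8_MAX = (8, 0, 39, 0)    # "8.0.39.0 and earlier"
FIXED = (9, 0, 124, 0)            # version named under Solution

# Accepts "9.0.115.0" and the player's own "WIN 9,0,115,0" style string.
_VERSION_RE = re.compile(r"(?:[A-Z]+\s+)?(\d+)[.,](\d+)[.,](\d+)[.,](\d+)")

def parse_version(raw):
    """Parse a reported version string into a 4-tuple of ints."""
    m = _VERSION_RE.fullmatch(raw.strip())
    if not m:
        raise ValueError(f"unrecognised Flash Player version: {raw!r}")
    return tuple(int(g) for g in m.groups())

def classify(raw):
    """Return 'affected', 'fixed' or 'unlisted' for one version string."""
    v = parse_version(raw)
    if v >= FIXED:
        return "fixed"
    if v <= AFFECTED_8_MAX or (v[0] == 9 and v <= AFFECTED_9_MAX):
        return "affected"
    # Builds the advisory does not list (assumption: still update them).
    return "unlisted"

def triage(inventory):
    """Map each host to a status; unparseable readings become 'unknown'."""
    report = {}
    for host, raw in inventory:
        try:
            report[host] = classify(raw)
        except ValueError:
            report[host] = "unknown"
    return report

# Constructed sample inventory (hostnames and readings are made up).
SAMPLE_INVENTORY = [
    ("ws-001", "9.0.115.0"),
    ("ws-002", "WIN 9,0,124,0"),
    ("ws-003", "8.0.39.0"),
    ("ws-004", "MAC 9,0,47,0"),
    ("ws-005", "9.0.120.0"),
    ("ws-006", "not installed"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as "unlisted" or "unknown" are not confirmed safe by the advisory and should be checked by hand or updated to the fixed version.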

Vendor Information

Adobe
http://www.adobe.com/support/security/bulletins/apsb08-11.html

References

Zeroday
http://www.zerodayinitiative.com/advisories/ZDI-08-021/

X-Force
http://www.iss.net/threats/289.html

ISC-SANS
http://www.isc.sans.org/diary.html?storyid=4268

Secunia
http://secunia.com/advisories/28083/

SecurityTracker
http://securitytracker.com/alerts/2008/Apr/1019811.html
http://securitytracker.com/alerts/2008/Apr/1019810.html
http://securitytracker.com/alerts/2008/Apr/1019808.html
http://securitytracker.com/alerts/2008/Apr/1019807.html

SecurityFocus
http://www.securityfocus.com/bid/28697
http://www.securityfocus.com/bid/28694
http://www.securityfocus.com/bid/28696
http://www.securityfocus.com/bid/26966
http://www.securityfocus.com/bid/28695
http://www.securityfocus.com/bid/26930

CVE Name
CVE-2007-0071
CVE-2007-5275
CVE-2007-6243
CVE-2007-6637
CVE-2007-6019
CVE-2008-1654
CVE-2008-1655

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003