CERT-In Advisory CIAD-2009-58
Multiple Vulnerabilities in Adobe Flash Player and AIR

Original Issue Date: December 11, 2009

Severity Rating: High

Systems Affected

  • Adobe Flash Player versions 10.0.32.18 and prior
  • Adobe AIR versions 1.5.2 and prior


Overview

Multiple vulnerabilities have been reported in Adobe Flash Player and Adobe AIR that could allow remote attackers to cause denial of service conditions, obtain potentially sensitive information, and execute arbitrary code or take complete control of an affected system.

Description

1. Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability (CVE-2009-3794)

This vulnerability is caused by an error in Adobe Flash Player when parsing JPEG dimensions contained within an SWF file. A remote attacker could exploit this vulnerability by tricking a user into opening a specially crafted web page or SWF file, triggering a heap-based buffer overflow. Successful exploitation could allow a remote attacker to execute arbitrary code in the context of the logged-in user.

2. Adobe Flash Player Data Injection Vulnerability (CVE-2009-3796)

This vulnerability is caused by an unspecified error in Adobe Flash Player. A remote attacker could exploit this vulnerability by injecting specially crafted data to execute arbitrary code.

3. Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability (CVE-2009-3799)

This vulnerability is caused by an integer overflow error when generating ActionScript exception handlers in the Verifier::parseExceptionHandlers() function in Adobe Flash Player. A remote attacker could exploit this vulnerability by tricking a user into opening a specially crafted web page or SWF file, triggering a memory corruption error. Successful exploitation could allow a remote attacker to execute arbitrary code in the context of the logged-in user.

4. Adobe Flash Player and AIR Multiple Memory Corruption Vulnerabilities (CVE-2009-3797, CVE-2009-3798, CVE-2009-3800)

Multiple memory corruption vulnerabilities have been reported due to unspecified errors in Adobe Flash Player and Adobe AIR. A remote attacker could exploit these vulnerabilities via unspecified vectors to trigger a memory corruption error. Successful exploitation could allow a remote attacker to execute arbitrary code.


5. Adobe Flash Player ActiveX Control Information Disclosure Vulnerability (CVE-2009-3951)

This vulnerability is caused by an unspecified error in the Flash Player ActiveX control used in Windows. A remote attacker could exploit this vulnerability to obtain potentially sensitive information from the target system.

Solutions

Update to Adobe Flash Player version 10.0.42.34
http://get.adobe.com/flashplayer/

Update to Adobe AIR version 1.5.3
http://get.adobe.com/air/
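
As an added example (not part of the CERT-In advisory or any Adobe tooling), the following Python script triages a software inventory against the version numbers given in this advisory. The host names and inventory rows are constructed, and the "below-fixed" status for versions between the last listed affected release and the fixed release is an assumption of this example, since the advisory does not classify them.

```python
import re

# Version bounds copied from this advisory.
ADVISORY = {
    "adobe flash player": {"last_affected": "10.0.32.18", "fixed": "10.0.42.34"},
    "adobe air": {"last_affected": "1.5.2", "fixed": "1.5.3"},
}

def parse_version(text):
    """Return a tuple of ints for '10.0.32.18' or '10,0,32,18'; None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(?:[.,][0-9]+)*", text):
        return None
    return tuple(int(part) for part in re.split(r"[.,]", text))

def compare(a, b):
    """Three-way compare after zero-padding, so 1.5 equals 1.5.0."""
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return (a > b) - (a < b)

def classify(product, version):
    bounds = ADVISORY.get(product.strip().lower())
    if bounds is None:
        return "not-covered"          # product is not named in the advisory
    found = parse_version(version)
    if found is None:
        return "unparsed"             # needs manual review, never assume fixed
    if compare(found, parse_version(bounds["last_affected"])) <= 0:
        return "affected"
    if compare(found, parse_version(bounds["fixed"])) < 0:
        return "below-fixed"          # assumption: still scheduled for update
    return "fixed"

# Constructed inventory rows (host, product, version); not real systems.
INVENTORY = [
    ("ws-014", "Adobe Flash Player", "10.0.32.18"),
    ("ws-027", "Adobe Flash Player", "10,0,42,34"),
    ("ws-031", "Adobe Flash Player", "9.0.246.0"),
    ("kiosk-2", "Adobe AIR", "1.5.2"),
    ("kiosk-5", "Adobe AIR", "1.5.3"),
    ("lab-09", "Adobe AIR", "1.5.3-beta"),
]

def triage(rows):
    return [(host, classify(product, version)) for host, product, version in rows]

if __name__ == "__main__":
    for host, status in triage(INVENTORY):
        print(f"{host}: {status}")
```

Hosts reported as "affected", "below-fixed" or "unparsed" are the ones to follow up with the updates listed above.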

Vendor Information

Adobe
http://www.adobe.com/support/security/bulletins/apsb09-19.html


References

Adobe
http://www.adobe.com/support/security/bulletins/apsb09-19.html

ZDI
http://www.zerodayinitiative.com/advisories/ZDI-09-092/
http://www.zerodayinitiative.com/advisories/ZDI-09-093/

SecurityFocus
http://www.securityfocus.com/bid/37272
http://www.securityfocus.com/bid/37273
http://www.securityfocus.com/bid/37275

Secunia
http://secunia.com/advisories/37584/

SecurityTracker
http://securitytracker.com/alerts/2009/Dec/1023307.html
http://securitytracker.com/alerts/2009/Dec/1023306.html

Fortinet
http://www.fortiguard.com/advisory/FGA-2009-46.html

CVE Name
CVE-2009-3794
CVE-2009-3796
CVE-2009-3797
CVE-2009-3798
CVE-2009-3799
CVE-2009-3800
CVE-2009-3951

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003