
CERT-In Vulnerability Note CIVN-2008-68
Adobe Flash Player Unspecified Remote Code Execution Vulnerability

Original Issue Date: May 30, 2008

Severity Rating: High

System Affected

  • Adobe Flash Player version 9.0.124.0 and earlier

Overview

A vulnerability has been reported in Adobe Flash Player, which could allow a remote attacker to execute arbitrary commands on the affected system.

Description

A remote code execution vulnerability has been reported in Adobe Flash Player, which could be exploited by remote attackers to take complete control of an affected system. This vulnerability is caused by an unspecified memory corruption error while processing a malformed SWF file, which could be exploited by attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a specially crafted web page.

Workarounds

  • Users of Internet Explorer
    • Install IE7Pro, which includes an ad blocker and a Flash blocker
    • Set the kill bit for the following CLSID to prevent the Flash plug-in from running:
      {D27CDB6E-AE6D-11cf-96B8-444553540000}

  • Users of Firefox
    • Install NoScript for its script and Flash blocking abilities
    • Disable the Flash plug-in in Firefox 3 by going to Tools > Add-ons and clicking the Disable button next to the Shockwave Flash plug-in

  • On Linux systems, the Flash player can be disabled by renaming the Flash plug-in. The plug-in may be found in several locations, including /usr/lib/firefox/plugins, /usr/lib/iceweasel/plugins and /usr/lib/mozilla/plugins, and is named flashplugin-alternative.so
  • Firewalls, web proxies and IPS systems may be able to stop some attacks. Iptables string matching or the Squid req_mime_type ACL can be used to block access by restricting which sites can send the Flash MIME type
  • Ensure that security updates are applied to software running on the server
  • Confirm that third parties hosting content on their domain are not acting as attack vectors for this vulnerability
  • Avoid browsing to suspicious sites or strange links that arrive via e-mail or Instant Messenger
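
The Linux renaming workaround above, as an added example that is not part of the CERT-In note: a POSIX sh script that locates the Flash plug-in in the directories the note lists, renames it so the browser stops loading it, and can restore it once a patched version is installed. The libflashplayer.so file name and the PLUGIN_DIRS override are assumptions, not from the note.

```sh
#!/bin/sh
# Added example (not from the CERT-In note). Disables the Flash plug-in on Linux
# by renaming it, as the workaround describes, and verifies the result.
# Assumptions: the plug-in directories are those listed in the note; the file
# names include the note's flashplugin-alternative.so plus the common
# libflashplayer.so; PLUGIN_DIRS may be overridden for testing.

PLUGIN_DIRS="${PLUGIN_DIRS:-/usr/lib/firefox/plugins /usr/lib/iceweasel/plugins /usr/lib/mozilla/plugins}"
PLUGIN_NAMES="flashplugin-alternative.so libflashplayer.so"

# Print every Flash plug-in file that is still active, one path per line.
find_flash_plugins() {
    for d in $PLUGIN_DIRS; do
        for n in $PLUGIN_NAMES; do
            [ -e "$d/$n" ] && printf '%s\n' "$d/$n"
        done
    done
    return 0
}

# Rename each active plug-in to <name>.disabled so the browser no longer
# loads it. Prints the number of files disabled.
disable_flash_plugins() {
    count=0
    for p in $(find_flash_plugins); do
        mv -- "$p" "$p.disabled" && count=$((count + 1))
    done
    echo "$count"
}

# Reverse the change (for use once a patched plug-in is installed).
# Prints the number of files restored.
restore_flash_plugins() {
    count=0
    for d in $PLUGIN_DIRS; do
        for f in "$d"/*.so.disabled; do
            [ -e "$f" ] || continue
            mv -- "$f" "${f%.disabled}" && count=$((count + 1))
        done
    done
    echo "$count"
}

# When run directly with --apply (as root), disable the plug-in and report.
if [ "${1:-}" = "--apply" ]; then
    printf 'disabled %s Flash plug-in file(s)\n' "$(disable_flash_plugins)"
    printf 'still active: %s\n' "$(find_flash_plugins)"
fi
```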

Solutions

  • Update to the latest version of Flash Player, 9.0.124.0 or later
  • Users may browse to the Adobe Flash Player Support Center downloads and install the most recent version of Flash Player for each browser

References

US-CERT
http://www.kb.cert.org/vuls/id/395473

PSIRT
http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html

http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_4151
SecurityFocus
http://www.securityfocus.com/bid/29386

FrSIRT
http://www.frsirt.com/english/advisories/2008/1662

ZDNet
http://blogs.zdnet.com/security/?p=1189

Internet Storm Center
http://isc.sans.org/diary.html?storyid=4465
http://isc.sans.org/diary.html

Secunia
http://secunia.com/advisories/30404/

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information
Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003