CERT-In Advisory
CIAD-2010-0058
Multiple Remote Code Execution Vulnerabilities in Adobe Flash Player and Adobe AIR
Original Issue Date: August 17, 2010
Severity Rating: Medium
Systems Affected
- Adobe Flash Player 10.1.53.64 and earlier
- Adobe AIR 2.0.2.12610 and earlier
Overview
Multiple vulnerabilities have been reported in Adobe Flash Player and Adobe AIR which could allow a remote attacker to execute arbitrary code and take complete control of systems running vulnerable versions of the software.
Description
1. Adobe Flash Player and AIR ActionScript AVM1 ActionPush Memory Corruption Vulnerability (CVE-2010-0209)
Adobe Flash supports two types of ActionScript, run by ActionScript Virtual Machine 1 (AVM1) and ActionScript Virtual Machine 2 (AVM2); ActionScript is the scripting language for Flash. This vulnerability is caused by improper handling of the ActionPush command by ActionScript Virtual Machine 1 (AVM1). Successful exploitation of this vulnerability could cause stack corruption, which could allow a remote attacker to execute arbitrary code on a system running a vulnerable version of the software with the privileges of the currently logged-in user.
2. Adobe Flash Player and AIR ActionScript Memory Corruption Vulnerability (CVE-2010-2188)
This vulnerability is caused due to an error in the exposed connect method in Adobe Flash Player and Adobe AIR. A remote attacker could call the method multiple times using ActionScript native object number 2200 to corrupt memory and execute arbitrary code on the system.
3. Adobe Flash Player and AIR Multiple Unspecified Memory Corruption Vulnerabilities (CVE-2010-2213, CVE-2010-2214, CVE-2010-2216)
These vulnerabilities are caused by unspecified memory corruption errors in Adobe Flash Player and Adobe AIR. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the application and to obtain sensitive information from a system running a vulnerable version of the affected software.
4. Adobe Flash Player and AIR Unspecified Clickjacking Vulnerability (CVE-2010-2215)
This clickjacking vulnerability is caused by an unspecified error in Adobe Flash Player and Adobe AIR. A clickjacked page tricks a user into performing undesired actions by clicking on a concealed link. On a clickjacked page, the attackers show a set of dummy buttons, then load another page over it in a transparent layer. The user thinks he/she is clicking the visible buttons, while he/she is actually performing actions on the hidden page. The hidden page may be an authentic page, and therefore the attackers can trick users into performing actions which the users never intended to do, and there is no way of tracing such actions later, as the user was genuinely authenticated on the other page.
A remote attacker could exploit these vulnerabilities by luring users to open specially crafted malformed Flash content sent as an email attachment or hosted on a crafted webpage or website. Upon opening, Adobe Flash Player and Adobe AIR process the malformed data within the Flash content, which could cause an application crash (Denial of Service, DoS) or execution of arbitrary code, and could allow a remote attacker to gain system access with the privileges of the currently logged-in user.
Solution
Install updates as suggested in APSB10-16.
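To find hosts that still need the update, installed versions can be compared against the bounds in "Systems Affected". The following is an added example, not part of the original advisory; the inventory rows, hostnames and status labels are constructed for illustration, and only the two version bounds come from the advisory.

```python
"""Flag inventory entries that fall in the advisory's affected version ranges."""

# Upper bounds copied from "Systems Affected": these versions and earlier are affected.
AFFECTED_MAX = {
    "adobe flash player": (10, 1, 53, 64),
    "adobe air": (2, 0, 2, 12610),
}

def parse_version(text):
    """Parse '10.1.53.64' (or comma-separated '10,1,53,64') into a 4-int tuple.

    Returns None when the string is not a purely numeric dotted version.
    """
    parts = text.strip().replace(",", ".").split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad '10.1' to (10, 1, 0, 0)

def classify(product, version):
    """Return 'affected', 'not-listed', 'unknown-product' or 'unparseable'."""
    limit = AFFECTED_MAX.get(product.strip().lower())
    if limit is None:
        return "unknown-product"
    parsed = parse_version(version)
    if parsed is None:
        return "unparseable"
    # Compare numerically, component by component. A plain string comparison
    # would rank '9.0.277.0' above '10.1.53.64' and miss that host.
    return "affected" if parsed <= limit else "not-listed"

def triage(inventory):
    """Map each (host, product, version) row to its classification."""
    return [(host, product, version, classify(product, version))
            for host, product, version in inventory]

# Constructed sample inventory (hostnames and non-boundary versions are made up).
SAMPLE_INVENTORY = [
    ("ws-01", "Adobe Flash Player", "10.1.53.64"),
    ("ws-02", "Adobe Flash Player", "9.0.277.0"),
    ("ws-03", "Adobe Flash Player", "10,1,99,1"),
    ("ws-04", "Adobe AIR", "2.0.2.12610"),
    ("ws-05", "Adobe AIR", "2.0.3.1"),
    ("ws-06", "Adobe Flash Player", "unknown"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print("%-6s %-20s %-12s %s" % row)
```

A result of "not-listed" only means the version is above the advisory's stated bound; rows marked "unparseable" need manual review rather than being assumed safe.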
Workaround
- Exercise caution while visiting website links received in emails
- Disable JavaScript and ActiveX scripting in the browser settings
- Disable JavaScript in Adobe Reader and Acrobat
- Disable displaying and automatic opening of PDF documents in Web Browser
- Enable DEP in Microsoft Windows
- Use Adobe automatic update feature
Vendor Information
Adobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb10-16.html
References
Adobe
http://www.adobe.com/support/security/bulletins/apsb10-16.html
US-CERT
http://www.kb.cert.org/vuls/id/660993
SecurityTracker
http://securitytracker.com/alerts/2010/Aug/1024313.html
SecurityFocus
http://www.securityfocus.com/bid/42363
http://www.securityfocus.com/bid/40798
http://www.securityfocus.com/bid/42364
http://www.securityfocus.com/bid/42358
http://www.securityfocus.com/bid/42361
http://www.securityfocus.com/bid/42362
X-Force ISS
http://xforce.iss.net/xforce/xfdb/59337
Novell
http://support.novell.com/security/cve/CVE-2010-2188.html
VUPEN
http://www.vupen.com/english/advisories/2010/2064
CVE Name
CVE-2010-0209
CVE-2010-2188
CVE-2010-2213
CVE-2010-2214
CVE-2010-2215
CVE-2010-2216
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India