Chris Mosby at myITforum.com

Adobe Flash Player Multiple Vulnerabilities

Secunia Advisory:
SA28083

Release Date:
2008-04-09

Critical:

Highly critical

Impact:
Security Bypass
Cross Site Scripting
System access

Where:
From remote

Solution Status:
Vendor Patch

Software:
Adobe Flash Player 9.x

CVE reference:
CVE-2007-0071 (Secunia mirror)
CVE-2007-5275 (Secunia mirror)
CVE-2007-6019 (Secunia mirror)
CVE-2007-6243 (Secunia mirror)
CVE-2007-6637 (Secunia mirror)
CVE-2008-1654 (Secunia mirror)
CVE-2008-1655 (Secunia mirror)

Description:
Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system.

1) A boundary error exists in the processing of "Declare Function (V7)" tags. This can be exploited to cause a heap-based buffer overflow via specially crafted flags.

2) An integer overflow in the processing of multimedia files can be exploited to cause a buffer overflow.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

3) Errors when pinning a hostname to an IP address can be exploited to conduct DNS rebinding attacks.

This is related to vulnerability #3 in:
SA28161

4) An error when sending HTTP headers can be exploited to bypass cross-domain policy files.

5) An error exists in the enforcing of cross-domain policy files. This can be exploited to bypass certain security restrictions on web servers hosting cross-domain policy files.

This is related to vulnerability #4 in:
SA28161

6) Input passed to unspecified parameters when handling e.g. the "asfunction:" protocol is not properly sanitised before being returned to the user. This can be exploited to inject arbitrary HTML and script code in a user's browser session in context of an affected site.

This is related to vulnerability #5 in:
SA28161

The vulnerabilities are reported in versions prior to 9.0.124.0.

Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.

Solution:
Update to a fixed version.

-- Flash Player 9.0.115.0 and earlier --

Update to version 9.0.124.0.
http://www.adobe.com/go/getflash

-- Flash Player 9.0.115.0 and earlier - network distribution --

Update to version 9.0.124.0.
http://www.adobe.com/licensing/distribution

-- Flex 3.0 --

Update to version 9.0.124.0.
http://www.adobe.com/support/flashplayer/downloads.html#fp9

-- AIR 1.0 --

Update to version 1.0.1.
http://www.adobe.com/go/getair

Provided and/or discovered by:
1) Alin Rad Pop, Secunia Research. The vendor also credits Javier Vicente Vallejo and Shane Macaulay, reported via ZDI.
2) Reported independently by:
* Mark Dowd, ISS X-Force.
* wushi of team509, reported via ZDI.
3) The vendor credits:
* Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong Shao of Stanford University.
* Tom Gallagher, Microsoft.
4) Ernst and Young's Advanced Security Center.
5) Toshiharu Sugiyama of UBsecure, Inc. and JPCERT/CC.
6) Rich Cannings of the Google Security Team and Stefano Di Paola of Minded Security.

Changelog:
2008-04-09: Corrected vendor links in the "Solution" section.

Original Advisory:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb08-11.html

Secunia Research:
http://secunia.com/secunia_research/2007-103/

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-021/

ISS X-Force:
http://www.iss.net/threats/289.html

Other References:
SA28161:
http://secunia.com/advisories/28161/

Source: Adobe Flash Player Multiple Vulnerabilities - Advisories - Secunia