[guru] Adobe Flash Player security updates
DATE: Thu, 17 Apr 2008 11:46:43 +0200
Several vulnerabilities have been found in Adobe's Flash Player product. If a
suitably modified SWF file tries to invoke the DeclareFunction2() Actionscript
element incorrectly, this allows the attacker to execute code.
The handling of "Declare Function (V7)" tags is also flawed; a heap buffer
overflow can occur here.
In addition, several other bugs have been fixed.
--- Begin Message ---
ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-021
April 8, 2008
-- CVE ID:
CVE-2007-6019
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Flash Player
-- Vulnerability Details:
This vulnerability allows remote attackers to execute code on vulnerable
installations of Adobe's Flash Player. User interaction is required in
that a user must visit a malicious web site.
The specific flaw exists when the Flash player attempts to access
embedded Actionscript objects that have not been properly instantiated.
In order for exploitation to occur, an attacker would have to modify a
DeclareFunction2 Actionscript tag within an SWF file. Exploitation of
this vulnerability can result in arbitrary code execution under the
context of the currently logged in user.
-- Vendor Response:
Adobe has issued an update to correct this vulnerability. More
details can be found at:
http://www.adobe.com/support/security/bulletins/apsb08-11.html
-- Disclosure Timeline:
2008-02-07 - Vulnerability reported to vendor
2008-04-08 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Javier Vicente Vallejo
* Shane Macaulay CanSecWest 2007 PWN2OWN Winner
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
--- End Message ---
--- Begin Message ---
======================================================================
Secunia Research 08/04/2008
- Adobe Flash Player "Declare Function (V7)" Heap Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10
======================================================================
1) Affected Software
* Adobe Flash Player 9.0.115.0.
NOTE: Prior versions may also be affected.
======================================================================
2) Severity
Rating: Highly critical
Impact: System access
Where: Remote
======================================================================
3) Vendor's Description of Software
"Adobe Flash Player is the high-performance, lightweight, highly
expressive client runtime that delivers powerful and consistent user
experiences across major operating systems, browsers, mobile phones,
and devices."
Product Link:
http://www.adobe.com/products/flashplayer/
======================================================================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in Adobe Flash Player,
which potentially can be exploited by malicious people to compromise a
user's system.
The vulnerability is caused due to a boundary error in the processing
of "Declare Function (V7)" tags. This can be exploited to cause a
heap-based buffer overflow via specially crafted argument preload
flags.
Successful exploitation may allow execution of arbitrary code.
======================================================================
5) Solution
Update to version 9.0.124.0.
======================================================================
6) Time Table
19/12/2007 - Vendor notified.
19/12/2007 - Vendor response.
08/04/2008 - Public disclosure.
======================================================================
7) Credits
Discovered by Alin Rad Pop, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2007-6019 for the vulnerability.
======================================================================
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://corporate.secunia.com/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://corporate.secunia.com/secunia_research/33/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/secunia_vacancies/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2007-103/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
--- End Message ---
--- Begin Message ---
National Cyber Alert System
Technical Cyber Security Alert TA08-100A
Adobe Flash Updates for Multiple Vulnerabilities
Original release date: April 9, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Adobe Flash Player 9.0.115.0 and earlier
* Adobe Flash Player 8.0.39.0 and earlier
Overview
Adobe has released Security advisory APSB08-11 to address multiple
vulnerabilities affecting Adobe Flash. The most severe of these
vulnerabilities could allow a remote attacker to execute arbitrary
code.
I. Description
Adobe Security Advisory APSB08-011 addresses a number of
vulnerabilities affecting the Adobe Flash player. Flash player
versions 9.0.115.0 and earlier and 8.0.39.0 and earlier are affected.
Further details are available in the US-CERT Vulnerability Notes
Database.
An attacker could exploit these vulnerabilities by convincing a user
to visit a website that hosts a specially crafted SWF file. The Adobe
Flash browser plugin is available for multiple web browsers and
operating systems, any of which could be affected.
II. Impact
The impacts of these vulnerabilities vary. The most severe of these
vulnerabilities allows a remote attacker to execute arbitrary code or
conduct cross-site scripting attacks.
III. Solution
Apply Updates
Check with your operating system vendor for patches or updates. If you
get the flash player from Adobe, see the Adobe Get Flash page for
information about updates.
Restrict access
These vulnerabilities can be mitigated by disabling the Flash plugin
or by using the NoScript extension to whitelist websites that can
access the Flash plugin. For more information about securely
configuring web browsers, please see the Securing Your Web Browser
document.
IV. References
* Adobe Security Advisory APSB08-011 -
<http://www.adobe.com/support/security/bulletins/apsb08-11.html>
* Adobe Flash Player Download Center -
<http://www.adobe.com/go/getflash>
* Understanding Flash Player 9 April 2008 Security Update
compatibility -
<http://www.adobe.com/devnet/flashplayer/articles/flash_player9_security_update.html>
* US-CERT Vulnerability Notes for Adobe Security advisory APSB08-011 -
<http://www.kb.cert.org/vuls/byid?searchview&query=APSB08-011>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-100A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-100A Feedback VU#347812" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
April 9, 2008: Initial release
--- End Message ---
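An added example, not part of the forwarded advisories: a triage script that sorts reported Flash Player versions against the bounds quoted above (9.0.115.0 and earlier, 8.0.39.0 and earlier affected; 9.0.124.0 fixed). The inventory format, hostnames and function names are assumptions made for illustration; builds that fall between the quoted bounds are reported as unlisted rather than guessed.

```python
import re

# Version bounds quoted in the advisories above.
AFFECTED_9_MAX = (9, 0, 115, 0)   # US-CERT: "9.0.115.0 and earlier"
AFFECTED_8_MAX = (8, 0, 39, 0)    # US-CERT: "8.0.39.0 and earlier"
FIXED_9_MIN = (9, 0, 124, 0)      # Secunia: "Update to version 9.0.124.0"

# Accepts dotted ("9.0.115.0") and comma ("WIN 9,0,115,0") notations.
_VERSION_RE = re.compile(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)")


def parse_version(text):
    """Return a 4-tuple of ints from a reported version string, else None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Map a reported version to affected / fixed / unlisted / unparsed."""
    v = parse_version(text)
    if v is None:
        return "unparsed"
    if v >= FIXED_9_MIN:
        return "fixed"
    if v <= AFFECTED_8_MAX or (v[0] == 9 and v <= AFFECTED_9_MAX):
        return "affected"
    # Builds between the quoted bounds are not named in the advisories.
    return "unlisted"


def triage(inventory):
    """Group hosts by status; anything not 'fixed' needs follow-up."""
    report = {}
    for host, reported in inventory:
        report.setdefault(classify(reported), []).append(host)
    return report


# Constructed sample inventory (hostnames and readings are made up).
SAMPLE = [
    ("ws-01", "WIN 9,0,115,0"),
    ("ws-02", "9.0.124.0"),
    ("ws-03", "LNX 9,0,48,0"),
    ("ws-04", "8.0.39.0"),
    ("ws-05", "MAC 8,0,40,0"),
    ("ws-06", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status:9} {', '.join(hosts)}")
```

Hosts reported as unlisted or unparsed should be checked against Adobe bulletin APSB08-11 rather than assumed safe.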