---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Adobe Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA28083 VERIFY ADVISORY: http://secunia.com/advisories/28083/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, System access WHERE: >From remote REVISION: 1.1 originally posted 2008-04-09 SOFTWARE: Adobe Flash Player 9.x http://secunia.com/product/11901/ DESCRIPTION: Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system. 1) A boundary error exists in the processing of "Declare Function (V7)" tags. This can be exploited to cause a heap-based buffer overflow via specially crafted flags. 2) An integer overflow in the processing of multimedia files can be exploited to cause a buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. 3) Errors when pinning a hostname to an IP address can be exploited to conduct DNS rebinding attacks. This is related to vulnerability #3 in: SA28161 4) An error when sending HTTP headers can be exploited to bypass cross-domain policy files. 5) An error exists in the enforcing of cross-domain policy files. This can be exploited to bypass certain security restrictions on web servers hosting cross-domain policy files. This is related to vulnerability #4 in: SA28161 6) Input passed to unspecified parameters when handling e.g. the "asfunction:" protocol is not properly sanitised before being returned to the user. This can be exploited to inject arbitrary HTML and script code in a user's browser session in context of an affected site. This is related to vulnerability #5 in: SA28161 The vulnerabilities are reported in versions prior to 9.0.124.0. SOLUTION: Update to a fixed version. -- Flash Player 9.0.115.0 and earlier -- Update to version 9.0.124.0. http://www.adobe.com/go/getflash -- Flash Player 9.0.115.0 and earlier - network distribution -- Update to version 9.0.124.0. http://www.adobe.com/licensing/distribution -- Flex 3.0 -- Update to version 9.0.124.0. http://www.adobe.com/support/flashplayer/downloads.html#fp9 -- AIR 1.0 -- Update to version 1.0.1. http://www.adobe.com/go/getair PROVIDED AND/OR DISCOVERED BY: 1) Alin Rad Pop, Secunia Research. The vendor also credits Javier Vicente Vallejo and Shane Macaulay, reported via ZDI. 2) Reported independently by: * Mark Dowd, ISS X-Force. * wushi of team509, reported via ZDI. 3) The vendor credits: * Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong Shao of Stanford University. * Tom Gallagher, Microsoft. 4) Ernst and Young's Advanced Security Center. 5) Toshiharu Sugiyama of UBsecure, Inc. and JPCERT/CC. 6) Rich Cannings of the Google Security Team and Stefano Di Paola of Minded Security. CHANGELOG: 2008-04-09: Corrected vendor links in the "Solution" section. ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb08-11.html Secunia Research: http://secunia.com/secunia_research/2007-103/ ZDI: http://www.zerodayinitiative.com/advisories/ZDI-08-021/ ISS X-Force: http://www.iss.net/threats/289.html OTHER REFERENCES: SA28161: http://secunia.com/advisories/28161/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------