TCH-Thomas

Adobe Flash Player Multiple Vulnerabilities


From: Secunia

secunia.com/advisories/28083/

 

Rating: Highly critical

 

Description:

Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system.

 

1) A boundary error exists in the processing of "Declare Function (V7)" tags. This can be exploited to cause a heap-based buffer overflow via specially crafted flags.

 

2) An integer overflow in the processing of multimedia files can be exploited to cause a buffer overflow.

 

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

 

3) Errors when pinning a hostname to an IP address can be exploited to conduct DNS rebinding attacks.

 

4) An error when sending HTTP headers can be exploited to bypass cross-domain policy files.

 

5) An error exists in the enforcing of cross-domain policy files. This can be exploited to bypass certain security restrictions on web servers hosting cross-domain policy files.

 

6) Input passed to unspecified parameters when handling e.g. the "asfunction:" protocol is not properly sanitised before being returned to the user. This can be exploited to inject arbitrary HTML and script code in a user's browser session in context of an affected site.

 

The vulnerabilities are reported in versions prior to 9.0.124.0.

 

Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.

 

Solution:

Update to a fixed version.

 

Flash Player 9.0.115.0 and earlier: Update to version 9.0.124.0.

adobe.com/go/getflash

 

Flash Player 9.0.115.0 and earlier (network distribution): Update to version 9.0.124.0.

adobe.com/licensing/distribution

 

Flex 3.0: Update to version 9.0.124.0.

adobe.com/support/flashplayer/downloads.html#fp9

 

AIR 1.0: Update to version 1.0.1.

adobe.com/go/getair
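
An added example, not part of the original post or the Secunia advisory: a small triage script that flags installed versions older than the fixed versions named above (9.0.124.0 for Flash Player, 1.0.1 for AIR). The inventory rows, host names and function names are constructed for illustration; the comma-separated `WIN 9,0,47,0` form is how Flash Player itself reports its version string.

```python
import re

# Fixed versions as stated in the advisory text above.
FIXED = {
    "flash player": (9, 0, 124, 0),
    "air": (1, 0, 1),
}

def parse_version(text):
    """Turn '9.0.115.0' or 'WIN 9,0,115,0' into a tuple of ints."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable(product, version_text):
    """True when the installed version is older than the fixed version."""
    fixed = FIXED[product.lower()]
    found = parse_version(version_text)
    # Pad to equal length so '1.0' is compared as 1.0.0 against 1.0.1.
    width = max(len(fixed), len(found))
    pad = lambda v: v + (0,) * (width - len(v))
    # Compare numerically: as plain strings, '9.0.47.0' sorts after
    # '9.0.124.0' and an old build would be reported as patched.
    return pad(found) < pad(fixed)

def triage(inventory):
    """Return the (host, product, version) rows that still need the update."""
    return [row for row in inventory if is_vulnerable(row[1], row[2])]

# Constructed sample inventory (hosts and versions are made up for illustration).
INVENTORY = [
    ("ws-01", "Flash Player", "9.0.115.0"),
    ("ws-02", "Flash Player", "WIN 9,0,47,0"),
    ("ws-03", "Flash Player", "9.0.124.0"),
    ("ws-04", "AIR", "1.0"),
    ("ws-05", "AIR", "1.0.1"),
]

if __name__ == "__main__":
    for host, product, version in triage(INVENTORY):
        print(f"{host}: {product} {version} is older than the fixed version")
```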
