TITLE:
Adobe Flash Player Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA28083

VERIFY ADVISORY:
http://secunia.com/advisories/28083/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Cross Site Scripting, System access

WHERE:
From remote

REVISION:
1.1 originally posted 2008-04-09

SOFTWARE:
Adobe Flash Player 9.x
http://secunia.com/product/11901/

DESCRIPTION:
Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system.

1) A boundary error exists in the processing of "Declare Function (V7)" tags. This can be exploited to cause a heap-based buffer overflow via specially crafted flags.

2) An integer overflow in the processing of multimedia files can be exploited to cause a buffer overflow.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

3) Errors when pinning a hostname to an IP address can be exploited to conduct DNS rebinding attacks.

This is related to vulnerability #3 in:
SA28161

4) An error when sending HTTP headers can be exploited to bypass cross-domain policy files.

5) An error exists in the enforcing of cross-domain policy files. This can be exploited to bypass certain security restrictions on web servers hosting cross-domain policy files.

This is related to vulnerability #4 in:
SA28161

6) Input passed to unspecified parameters when handling e.g. the "asfunction:" protocol is not properly sanitised before being returned to the user. This can be exploited to inject arbitrary HTML and script code in a user's browser session in context of an affected site.

This is related to vulnerability #5 in:
SA28161

The vulnerabilities are reported in versions prior to 9.0.124.0.

SOLUTION:
Update to a fixed version.

-- Flash Player 9.0.115.0 and earlier --
Update to version 9.0.124.0.
http://www.adobe.com/go/getflash

-- Flash Player 9.0.115.0 and earlier - network distribution --
Update to version 9.0.124.0.
http://www.adobe.com/licensing/distribution

-- Flex 3.0 --
Update to version 9.0.124.0.
http://www.adobe.com/support/flashplayer/downloads.html#fp9

-- AIR 1.0 --
Update to version 1.0.1.
http://www.adobe.com/go/getair

ORIGINAL ADVISORY:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb08-11.html

Secunia Research:
http://secunia.com/secunia_research/2007-103/

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-021/

ISS X-Force:
http://www.iss.net/threats/289.html

OTHER REFERENCES:
SA28161:
http://secunia.com/advisories/28161/