Login   |   Secure Purdue > News

Adobe Flash Player: Multiple Vulnerabilities

Adobe Flash Player: Multiple Vulnerabilities

STEAM-ADVISORY NO. 2007071801 PURDUE UNIVERSITY SECURITY TEAM CIRT Wednesday July 18 14:11:00 EST 20007

**** NOTICE ****

A working exploit has been successfully tested but the code has not been publicly released yet.

****************

==OVERVIEW==

Adobe Flash Player and Flash Plugin have been found to have multiple vulnerabilities which could allow an attacker to remotely execute code on a vulnerable system, obtain sensitive information via browser keystrokes, and allow cross-site request forgery. These vulnerabilities affect all users of Adobe Flash Player regardless of platform (Win, Mac, Solaris, and Linux). A new version that addresses the security issues has been released by Adobe.

==SYSTEMS AFFECTED==

* Adobe Flash Player 9.0.45.0 and earlier (Win, Mac, Solaris, Linux)
* Adobe Flash Player 8.0.34.0 and earlier (Win, Mac, Solaris, Linux)
* Adobe Flash Player 7.0.69.0 and earlier (Win, Mac, Solaris, Linux)

==DETAILS==

There are actually three vulnerabilities addressed in this update from Adobe, one of which is considered to be critical.

The most critical of the three vulnerabilities occurs when an attacker using a specially crafted SWF file creates an "input validation error" that can execute arbitrary code on the user's computer. This vulnerability could be accessed through content delivered via a web browser, email client, or any other applications that include or reference the Flash Player. This particular vulnerability has been tested and confirmed but has not been publicly released yet.

The second vulnerability in Flash Player is due to insufficient validation of the HTTP Referer headers which can allow a remote attacker to conduct a cross-site request forgery attack using a crafted SWF file.

The last vulnerability in Flash Player only affects Opera or Konqueror browsers on Linux or Solaris which can potentially leak browser keystrokes to the Flash Player applet which could allow remote attackers to obtain sensitive information through your browser.

==SOLUTIONS==

Adobe has provided an update to Flash Player that fixes this vulnerability.

==FURTHER INFORMATION AND RESOURCES==

Adobe Upgrade Available:
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash

Adobe Security Bulletin:
http://www.adobe.com/support/security/bulletins/apsb07-12.html

Minded Security Labs Advisory:
http://www.mindedsecurity.com/en/labs/advisories/MSA01110707

Common Vulnerabilities and Exposures Links:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3457

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022

==STEAM-CIRT CONTACT INFORMATION==

For questions concerning this advisory, please send email to:
itap-securityhelp@purdue.edu.

Report computer-related abuse to steam-cirt:
http://www.purdue.edu/securePurdue/incidentReportForm.cfm

http://www.purdue.edu/securepurdue/steam

Posted by Douglas Couch on July 17, 2007, in Advisory Alerts.