Adobe Flash Player: Multiple Vulnerabilities

Adobe Flash Player: Multiple Vulnerabilities

STEAM-ADVISORY NO. 2007071801 PURDUE UNIVERSITY SECURITY TEAM CIRT Wednesday July 18 14:11:00 EST 20007

**** NOTICE ****

A working exploit has been successfully tested but the code has not been publicly released yet.

****************

==OVERVIEW==

Adobe Flash Player and Flash Plugin have been found to have multiple vulnerabilities which could allow an attacker to remotely execute code on a vulnerable system, obtain sensitive information via browser keystrokes, and allow cross-site request forgery. These vulnerabilities affect all users of Adobe Flash Player regardless of platform (Win, Mac, Solaris, and Linux). A new version that addresses the security issues has been released by Adobe.

==SYSTEMS AFFECTED==

* Adobe Flash Player 9.0.45.0 and earlier (Win, Mac, Solaris, Linux)
* Adobe Flash Player 8.0.34.0 and earlier (Win, Mac, Solaris, Linux)
* Adobe Flash Player 7.0.69.0 and earlier (Win, Mac, Solaris, Linux)

==DETAILS==

There are actually three vulnerabilities addressed in this update from Adobe, one of which is considered to be critical.

The most critical of the three vulnerabilities occurs when an attacker using a specially crafted SWF file creates an "input validation error" that can execute arbitrary code on the user's computer. This vulnerability could be accessed through content delivered via a web browser, email client, or any other applications that include or reference the Flash Player. This particular vulnerability has been tested and confirmed but has not been publicly released yet.

The second vulnerability in Flash Player is due to insufficient validation of the HTTP Referer headers which can allow a remote attacker to conduct a cross-site request forgery attack using a crafted SWF file.

The last vulnerability in Flash Player only affects Opera or Konqueror browsers on Linux or Solaris which can potentially leak browser keystrokes to the Flash Player applet which could allow remote attackers to obtain sensitive information through your browser.

==SOLUTIONS==

Adobe has provided an update to Flash Player that fixes this vulnerability.

==FURTHER INFORMATION AND RESOURCES==

Adobe Upgrade Available:
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash

Adobe Security Bulletin:
http://www.adobe.com/support/security/bulletins/apsb07-12.html

Minded Security Labs Advisory:
http://www.mindedsecurity.com/en/labs/advisories/MSA01110707

Common Vulnerabilities and Exposures Links:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3457

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022

==STEAM-CIRT CONTACT INFORMATION==

For questions concerning this advisory, please send email to:
itap-securityhelp@purdue.edu.

Report computer-related abuse to steam-cirt:
https://purdue.qualtrics.com/SE/?SID=SV_4Z45KwRtZD5qROl

http://www.purdue.edu/securepurdue/steam



Posted by Douglas Couch on July 17, 2007, in Advisory Alerts.

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600

© 2016 Purdue University | An equal access/equal opportunity university | Integrity Statement | Copyright Complaints | Maintained by ITaP

Trouble with this page? Disability-related accessibility issue? Please contact ITaP at itap@purdue.edu.

PDF files can be viewed in Adobe Acrobat Reader.