Products & Services
Support

Product Categories


Popular Downloads


Manage Software

How to Buy

For Home

Linksys Products Store
Linksys is now part of Belkin
Products for everyone

All Ordering Options

Training & Events Partners
Guest

Vulnerability Alert

Adobe Flash Player Multimedia File Integer Overflow Vulnerability

 
Threat Type:CWE-94: Code Injection
IntelliShield ID:15623
Version:5
First Published:2008 April 09 21:06 GMT
Last Published:2008 June 04 11:45 GMT
Port: Not available
CVE:CVE-2007-0071
BugTraq ID:28695
Urgency:Possible use
Credibility:Confirmed
Severity:Moderate Damage
CVSS Base:9.3 CVSS Calculator
CVSS Version 2.0
CVSS Temporal:8.1
Related Resources:
View related IPS SignatureView related Alert
 
 
Version Summary:

Sun has released an alert notification and patches to address the Adobe Flash Player multimedia file integer overflow vulnerability.

 
 
Description

Adobe Flash Player versions 9.0.115.0 and prior and versions 8.0.39.0 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the user.

The vulnerability exists because of errors in processing values in Flash multimedia files.? An?attacker could exploit this vulnerability by convincing a user to view a malicious Flash file as part of a website.? If successful, the attacker could execute arbitrary code with the privileges of the user.

Downloader.Swif.C, attempts to exploit this vulnerability and is documented in IntelliShield Alert 15955.? Reports indicate that this malicious code is currently active.

Adobe has confirmed the vulnerability and released updated software.

 
Warning Indicators

Adobe Flash Player versions 9.0.115.0 and prior?and versions 8.0.39.0 and prior are vulnerable.

 
IntelliShield Analysis

An attacker must rely upon user interaction to exploit this vulnerability.??The attacker must convince a user to view a malicious Flash multimedia file.? This file may be a stand-alone file delivered as an e-mail attachment or embedded within an external website.? If the attacker convinces a user to view a malicious file,?that action?could trigger the execution of arbitrary code with the privileges of the user.? If the user holds elevated privileges, such as Administrator privileges granted on Windows-based systems, the attacker could execute code resulting in complete system compromise.?

Systems on which users are granted only restricted privileges may experience less of an impact, because the attacker could execute code with only limited privileges.

The Adobe Product Security Incident Response Team reports the multimedia file integer overflow vulnerability in Adobe Flash Player is currently being used to conduct widespread attacks as detailed in IntelliShield alert 15939.? The malicious code associated with these attacks may be detected as Downloader.Swif.C as described in IntelliShield alert 15955.

 
Vendor Announcements

Adobe has released a security bulletin available at the following link: APSB08-11

Apple has released a security update at the following link: Security Update 2008-003 

Gentoo has released a security advisory at the following link: GLSA 200804-21

Red Hat has released a security advisory at the following link: RHSA-2008:0221-3

Sun has released an alert notification at the following link: 238305

SUSE has released a security announcement at the following link: SUSE-SA:2008:022 

US-CERT has released a vulnerability note at the following link: VU#395473

 
Impact

An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code with the privileges of the user.? If the user holds Administrator privileges, the attacker could execute code that may result in a complete system compromise.

 
Technical Information

The vulnerability is due to errors in processing values within Flash multimedia files.? The processing of a malicious file could trigger an integer overflow condition, corrupting system memory.? An unauthenticated, remote attacker could leverage this memory corruption to execute arbitrary code with the privileges of the user.? Additional technical information is not available.

 
Safeguards

Administrators are advised to apply the available update.

Users are advised not to follow unsolicited links.? Users should verify the authenticity of unexpected links prior to following such links.

Administrators may consider disabling or removing the affected Flash Player from affected systems.

Administrators are advised not to browse the Internet from critical systems.

Administrators are advised to monitor critical systems for signs of suspicious activity.

The Cisco Applied Intelligence team has created the following companion document to guide administrators in identifying and mitigating attempts to exploit this vulnerability prior to applying updated software: Cisco Applied Mitigation Bulletin: Adobe Flash Player Multimedia File Integer Overflow

 
Patches/Software

Adobe has released updates available through software automatic update features and at the following link: Player Download Central

Apple has released software updates at the following links:

Mac OS X and Mac OS X Server 10.4.11
Security Update 2008-003 (PPC)
Security Update Server 2008-003 (PPC)
Security Update 2008-003 Server (Universal)
Security Update 2008-003 (Intel)

Mac OS X and Mac OS X Server 10.5.3
Mac OS X 10.5.3 Combo Update
Mac OS X 10.5.3 Update
Mac OS X Server 10.5.3 Combo Update
Mac OS X Server 10.5.3 Update

Gentoo updates can be obtained for the following package using the emerge command: net-www/netscape-flash

Red Hat packages can be updated using the up2date command.

Sun has released patches at the following links:

SPARC
Solaris 10 patch 125332-03 or later

Intel
Solaris 10 patch 125333-03 or later

SUSE has released updated packages; users can install the updates using YaST.


Signatures
 
Cisco Intrusion Prevention System (IPS) 6.0
Signature IDSignature NameReleaseLatest Release Date
6959/0Adobe Flash Null Pointer DereferenceS3362008 May 29 
16038/0Adobe Flash Insufficient Data Validation Buffer OverflowS4552009 Dec 11 
 
Alert History
 

Version 4, May 29, 2008, 12:36 PM: The Adobe Product Security Incident Response Team reports the multimedia file integer overflow vulnerability in Adobe Flash Player is currently being used to conduct widespread attacks.  US-CERT has released a vulnerability note.

Version 3, April 22, 2008 8:35 AM: Gentoo has released a security advisory and updated packages to address the Adobe Flash Player multimedia file integer overflow vulnerability.

Version 2, April 14, 2008, 7:27 AM: SUSE has released a security announcement and updated packages to address the Adobe Flash Player multimedia file integer overflow vulnerability.

Version 1, April 9, 2008, 5:06 PM: Adobe Flash Player contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the user.  Updates are available.



Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
AdobeAdobe Flash Player 8.0.22.0 Base | 8.0.24.0 Base | 8.0.33.0 Base | 8.0.34.0 Base | 8.0.35.0 Base | 8.0.39.0 Base | 9.0.16.0 Base | 9.0.20.0 Base | 9.0.45.0 Base | 9.0.47.0 Base | 9.0.48.0 Base | 9.0.115.0 Base

Associated Products:
AppleMac OS X 10.4.0 Base | 10.4.1 Base | 10.4.2 Base | 10.4.3 Base | 10.4.4 Intel, PPC | 10.4.5 Intel, PPC | 10.4.6 Intel, PPC | 10.4.7 Intel, PPC | 10.4.8 Intel, PPC | 10.4.9 Intel, PPC | 10.4.10 Intel, PPC | 10.4.11 Intel, PPC | 10.5 Intel, PPC | 10.5.1 Intel, PPC | 10.5.2 Intel, PPC | 10.5.3 Base
AppleMac OS X Server 10.4.0 Base | 10.4.1 Base | 10.4.2 Base | 10.4.3 Base | 10.4.4 Base | 10.4.5 Base | 10.4.6 Base | 10.4.7 Intel, PPC | 10.4.8 Intel, PPC | 10.4.9 Intel, PPC | 10.4.10 Intel, PPC | 10.4.11 PPC, Intel | 10.5 Intel, PPC | 10.5.1 Intel, PPC | 10.5.2 Intel, PPC
Gentoo Technologies, Inc.Gentoo Linux 2004 .0, .1, .2, .3 | 2005 .0 | 2006 .0, .1 | 2007 .0
Novell, Inc.Novell Linux Desktop 9 x86, x86_64
Novell, Inc.SuSE Linux Enterprise Desktop (SLED) 10 SP1 amd64, SP1 x86, SP1 em64t
Red Hat, Inc.Red Hat Enterprise Linux Desktop Supplementary 5.0 IA-32, x86-64
Red Hat, Inc.Red Hat Enterprise Linux Extras 3 IA-32 | 4 IA-32
Red Hat, Inc.RHEL Supplementary 5 IA-32, x86_64
Sun Microsystems, Inc.Solaris 10 sparc, x64/x86
SUSESuSE Linux 10.1 i586




Alerts and bulletins on the Cisco Security Intelligence Operations Portal are highlighted by analysts in the Cisco Threat Operations Center and represent a subset of the comprehensive content that is available through Cisco Security IntelliShield Alert Manager Service. This customizable threat and vulnerability alert service provides security staff with access to timely, accurate, and credible information about threats and vulnerabilities that may affect their environment.


LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
Powered by  IntelliShield