Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability



> -----Original Message-----
> From: irc@xxxxxxxxxxxxxxxxxxxxx [mailto:irc@xxxxxxxxxxxxxxxxxxxxx] 
> Sent: Tuesday, September 12, 2006 11:01 PM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Computer Terrorism (UK) :: Incident Response Centre 
> - Adobe/Macromedia Flash Player Vulnerability
> 
> Computer Terrorism  (UK) :: Incident Response Centre
> 
> www.computerterrorism.com
> 
> Security Advisory: CT12-09-2006
> 
> 
> ============================================================
> Adobe/Macromedia Flash Player - Remote Code Execution
> ============================================================
> 
> Advisory Date: 12th, September 2006
> 
> Severity: Critical
> Impact: Remote System Access
> Solution Status: Vendor Patch
> 
> CVE Reference:  CVE-2006-3311  
> 
> 
> 
> Affected Software  
> =================
> 
> Adobe Flash Player 8.0.24.0 and earlier versions                      
> Adobe Flash Professional 8, Flash Basic
> Adobe Flash MX 2004
> Adobe Flex 1.5
> 
> Note: All OS Platforms are vulnerable
> 
> 
> 1. OVERVIEW
> ===========
> 
> Adobe/Macromedia Flash Player is the world's most ubiquitous 
> Browser plug-in 
> for Microsoft, Mozilla and Apple technologies. The plug-in 
> claims to facilitate 
> high-impact web interfaces and interactive online advertising 
> for circa 98% of 
> desktops globally.
> 
> Unfortunately, it transpires that Adobe Flash Player is prone 
> to a remote 
> arbitrary code execution vulnerability, that allows an 
> attacker to gain
> control of a target system through the simple invocation of a 
> maliciously 
> constructed web page.
> 
> 
> 2. TECHNICAL NARRATIVE
> ======================
> 
> The vulnerability originates out of Flash's failure to 
> sufficiently handle
> large dynamically generated strings at run time. As a result, 
> it is possible 
> (using rudimentary Action Script) to create a .swf movie in 
> such a way that 
> when processed by the Plug-in, will overwrite system memory 
> at an explicit
> location.
> 
> More specifically, the aforementioned location can (with a 
> certain degree of 
> accuracy) be attacker controlled via the direct manipulation 
> of the overall 
> length of the generated string.
> 
> The net result is that of a partially controllable condition, 
> which opens the 
> door to a multitude of differing exploitation vectors, 
> including but not 
> limited to heap/stack overwrites, and/or 3rd party race conditions.
> 
> 
> 3. EXPLOITATION
> ===============
> 
> Computer Terrorism (UK) can confirm the un-disclosed 
> production of a reliable
> multi-platform & multi-browser Web based Proof-Of-Concept 
> (PoC). Such an 
> exploit could be used in a web-based attack scenario, where 
> unsuspecting 
> users are lured to a maliciously constructed website.
> 
> Users that have not already done so are strongly advised to 
> upgrade to the latest
> version of Flash Player or apply the appropriate fix for 
> their particular version. 
> 
> 
> 4. VENDOR RESPONSE
> ==================
> 
> The vendor security bulletin and corresponding patches are 
> available at the 
> following location:
> 
> http://www.adobe.com/go/apsb06-11/
> 
> 
> 5. DISCLOSURE ANALYSIS
> ======================
> 
> 12/05/2006  Preliminary Vendor notification.
> 18/05/2006  Vulnerability confirmed in pre-release Flash 9, 
> and earlier versions
> 28/06/2006  Flash Player 9 released (Fixed)
> 31/07/2006  Public Disclosure Deferred by Vendor.
> 12/09/2006  Coordinated public release.
> 
> Total Time to Fix: 4 months (123 days)
> 
> 
> 6. CREDIT
> =========
> 
> The vulnerability was discovered by Stuart Pearson of 
> Computer Terrorism (UK) Ltd
> 
> 
> 
> 
> ===================
> About Computer Terrorism
> ===================
> 
> Computer Terrorism (UK) Ltd is a global provider of Digital 
> Risk Intelligence services. 
> Our unique approach to vulnerability risk assessment and 
> mitigation has helped protect 
> some of the worlds most at risk organisations. 
> 
> Headquartered in London, Computer Terrorism has 
> representation throughout Europe & 
> North America and can be reached at +44 (0) 870 250 9866 or email:-
> 
> sales [at] computerterrorism.com
> 
> To learn more about our services and to register for a FREE 
> comprehensive website 
> penetration test, visit: http:/www.computerterrorism.com
> 
> 
> Computer Terrorism (UK) :: Protection for a vulnerable world.
> 
> 
> 
> 



 




Copyright © Lexa Software, 1996-2009.