SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

Adobe/Macromedia Flash Player Vulnerability


Arrow  SecurityAlert : 1546
Arrow  CVE : CVE-2006-3311
Arrow  SecurityRisk : High  Security Risk High  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Exploit Available : No
Arrow  Credit : Stuart Pearson
Arrow  Published : 18.09.2006

Arrow  Affected Software : Adobe Flash Player 8.0.24.0 and earlier versions
Adobe Flash Professional 8, Flash Basic
Adobe Flash MX 2004
Adobe Flex 1.5



Arrow  Advisory Content :  

Computer Terrorism (UK) :: Incident Response Centre

www.computerterrorism.com

Security Advisory: CT12-09-2006

============================================================

Adobe/Macromedia Flash Player - Remote Code Execution

============================================================

Advisory Date: 12th, September 2006

Severity: Critical

Impact: Remote System Access

Solution Status: Vendor Patch

CVE Reference: CVE-2006-3311

Affected Software

=================

Adobe Flash Player 8.0.24.0 and earlier versions

Adobe Flash Professional 8, Flash Basic

Adobe Flash MX 2004

Adobe Flex 1.5

Note: All OS Platforms are vulnerable

1. OVERVIEW

===========

Adobe/Macromedia Flash Player is the world's most ubiquitous Browser
plug-in

for Microsoft, Mozilla and Apple technologies. The plug-in claims to
facilitate

high-impact web interfaces and interactive online advertising for circa 98%
of

desktops globally.

Unfortunately, it transpires that Adobe Flash Player is prone to a remote

arbitrary code execution vulnerability, that allows an attacker to gain

control of a target system through the simple invocation of a maliciously

constructed web page.

2. TECHNICAL NARRATIVE

======================

The vulnerability originates out of Flash's failure to sufficiently handle

large dynamically generated strings at run time. As a result, it is
possible

(using rudimentary Action Script) to create a .swf movie in such a way
that

when processed by the Plug-in, will overwrite system memory at an explicit

location.

More specifically, the aforementioned location can (with a certain degree
of

accuracy) be attacker controlled via the direct manipulation of the
overall

length of the generated string.

The net result is that of a partially controllable condition, which opens
the

door to a multitude of differing exploitation vectors, including but not

limited to heap/stack overwrites, and/or 3rd party race conditions.

3. EXPLOITATION

===============

Computer Terrorism (UK) can confirm the un-disclosed production of a
reliable

multi-platform & multi-browser Web based Proof-Of-Concept (PoC). Such an

exploit could be used in a web-based attack scenario, where unsuspecting

users are lured to a maliciously constructed website.

Users that have not already done so are strongly advised to upgrade to the
latest

version of Flash Player or apply the appropriate fix for their particular
version.

4. VENDOR RESPONSE

==================

The vendor security bulletin and corresponding patches are available at
the

following location:

http://www.adobe.com/go/apsb06-11/

5. DISCLOSURE ANALYSIS

======================

12/05/2006 Preliminary Vendor notification.

18/05/2006 Vulnerability confirmed in pre-release Flash 9, and earlier
versions

28/06/2006 Flash Player 9 released (Fixed)

31/07/2006 Public Disclosure Deferred by Vendor.

12/09/2006 Coordinated public release.

Total Time to Fix: 4 months (123 days)

6. CREDIT

=========

The vulnerability was discovered by Stuart Pearson of Computer Terrorism
(UK) Ltd

===================

About Computer Terrorism

===================

Computer Terrorism (UK) Ltd is a global provider of Digital Risk
Intelligence services.

Our unique approach to vulnerability risk assessment and mitigation has
helped protect

some of the worlds most at risk organisations.

Headquartered in London, Computer Terrorism has representation throughout
Europe &

North America and can be reached at +44 (0) 870 250 9866 or email:-

sales [at] computerterrorism.com

To learn more about our services and to register for a FREE comprehensive
website

penetration test, visit: http:/www.computerterrorism.com

Computer Terrorism (UK) :: Protection for a vulnerable world.




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc:fts_*() Multiple Denial of Service

Security Risk Medium- 2009-10-02

The fts functions are provided for traversing UNIX file hierarchies...
Apache RSS Apache Alert

» Apache 1.3.41 mod_proxy
   Integer overflow (code
   execution)

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion in work
   directory

» Apache Tomcat 6.0.20 and
   5.5.28 insecure partial
   deploy after failed
   undeploy

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion and/or
   alteration
PHP RSS PHP Alert

» PHP 5.2.12/5.3.1 Multiple
   Vulnerabilities

» PHP 5.2.11 libgd multiple
   vulnerabilities

» PHP 5.2.11 tempnam()
   safe_mode bypass

» PHP 5.3.0 5.2.11
   posix_mkfifo()
   open_basedir bypass
Copyright © SecurityReason.com. All Rights Reserved.