Thread-topic: Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability
> -----Original Message-----
> From: irc@xxxxxxxxxxxxxxxxxxxxx [mailto:irc@xxxxxxxxxxxxxxxxxxxxx]
> Sent: Tuesday, September 12, 2006 11:01 PM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Computer Terrorism (UK) :: Incident Response Centre
> - Adobe/Macromedia Flash Player Vulnerability
>
> Computer Terrorism (UK) :: Incident Response Centre
>
> www.computerterrorism.com
>
> Security Advisory: CT12-09-2006
>
>
> ============================================================
> Adobe/Macromedia Flash Player - Remote Code Execution
> ============================================================
>
> Advisory Date: 12th, September 2006
>
> Severity: Critical
> Impact: Remote System Access
> Solution Status: Vendor Patch
>
> CVE Reference: CVE-2006-3311
>
>
>
> Affected Software
> =================
>
> Adobe Flash Player 8.0.24.0 and earlier versions
> Adobe Flash Professional 8, Flash Basic
> Adobe Flash MX 2004
> Adobe Flex 1.5
>
> Note: All OS Platforms are vulnerable
>
>
> 1. OVERVIEW
> ===========
>
> Adobe/Macromedia Flash Player is the world's most ubiquitous
> Browser plug-in
> for Microsoft, Mozilla and Apple technologies. The plug-in
> claims to facilitate
> high-impact web interfaces and interactive online advertising
> for circa 98% of
> desktops globally.
>
> Unfortunately, it transpires that Adobe Flash Player is prone
> to a remote
> arbitrary code execution vulnerability, that allows an
> attacker to gain
> control of a target system through the simple invocation of a
> maliciously
> constructed web page.
>
>
> 2. TECHNICAL NARRATIVE
> ======================
>
> The vulnerability originates out of Flash's failure to
> sufficiently handle
> large dynamically generated strings at run time. As a result,
> it is possible
> (using rudimentary Action Script) to create a .swf movie in
> such a way that
> when processed by the Plug-in, will overwrite system memory
> at an explicit
> location.
>
> More specifically, the aforementioned location can (with a
> certain degree of
> accuracy) be attacker controlled via the direct manipulation
> of the overall
> length of the generated string.
>
> The net result is that of a partially controllable condition,
> which opens the
> door to a multitude of differing exploitation vectors,
> including but not
> limited to heap/stack overwrites, and/or 3rd party race conditions.
>
>
> 3. EXPLOITATION
> ===============
>
> Computer Terrorism (UK) can confirm the un-disclosed
> production of a reliable
> multi-platform & multi-browser Web based Proof-Of-Concept
> (PoC). Such an
> exploit could be used in a web-based attack scenario, where
> unsuspecting
> users are lured to a maliciously constructed website.
>
> Users that have not already done so are strongly advised to
> upgrade to the latest
> version of Flash Player or apply the appropriate fix for
> their particular version.
>
>
> 4. VENDOR RESPONSE
> ==================
>
> The vendor security bulletin and corresponding patches are
> available at the
> following location:
>
>
>
>
> 5. DISCLOSURE ANALYSIS
> ======================
>
> 12/05/2006 Preliminary Vendor notification.
> 18/05/2006 Vulnerability confirmed in pre-release Flash 9,
> and earlier versions
> 28/06/2006 Flash Player 9 released (Fixed)
> 31/07/2006 Public Disclosure Deferred by Vendor.
> 12/09/2006 Coordinated public release.
>
> Total Time to Fix: 4 months (123 days)
>
>
> 6. CREDIT
> =========
>
> The vulnerability was discovered by Stuart Pearson of
> Computer Terrorism (UK) Ltd
>
>
>
>
> ===================
> About Computer Terrorism
> ===================
>
> Computer Terrorism (UK) Ltd is a global provider of Digital
> Risk Intelligence services.
> Our unique approach to vulnerability risk assessment and
> mitigation has helped protect
> some of the worlds most at risk organisations.
>
> Headquartered in London, Computer Terrorism has
> representation throughout Europe &
> North America and can be reached at +44 (0) 870 250 9866 or email:-
>
> sales [at] computerterrorism.com
>
> To learn more about our services and to register for a FREE
> comprehensive website
> penetration test, visit: http:/www.computerterrorism.com
>
>
> Computer Terrorism (UK) :: Protection for a vulnerable world.
>
>
>
>
