(Adobe Issues Fix for Acrobat) Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code, Scan Ports, and Conduct HTTP Request Splitting and Cross-Site Scripting Attacks
|
|
SecurityTracker Alert ID: 1019972 |
|
SecurityTracker URL: http://securitytracker.com/id/1019972
|
|
CVE Reference:
CVE-2007-4768
(Links to External Site)
|
Date: May 7 2008
|
Impact:
Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Host/resource access via network, Modification of user information, User access via local system, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
Several vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting and request splitting attacks. A remote user can conduct port scans via the player. Adobe Acrobat and Adobe Reader are affected.
A remote user can create specially crafted Flash content that, when loaded by the target user, will execute arbitrary code on the target system [CVE-2007-4768, CVE-2007-6242, CVE-2007-6246]. The code will run with the privileges of the target user. Tavis Ormandy and Will Drewry of the Google Security Team, Aaron Portnoy of TippingPoint DVLabs, and Jesse Michael and Thomas Biege of SUSE reported these vulnerabilities.
A remote user can conduct DNS rebinding attacks [CVE-2007-5275]. Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong Shao of Stanford University reported this vulnerability.
Some SWF files do not properly filter HTML code from user-supplied input before displaying the input [CVE-2007-6244]. A remote user can create a specially crafted content using the asfunction: protocol that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. Flash Player 7 is not affected. Rich Cannings of the Google Security Team reported this vulnerability.
The navigateToURL() function does not properly filter HTML code from user-supplied input before displaying the input [CVE-2007-6244]. Only systems with the Flash Player ActiveX Control and Internet Explorer are affected. Collin Jackson and Adam Barth of Stanford University reported this vulnerability.
A remote user can conduct privilege escalation attacks against target web servers hosting Flash content and cross-domain policy files [CVE-2007-6243]. Toshiharu Sugiyama of UBsecure, Inc. and JPCERT/CC reported this vulnerability.
A remote user can modify the HTTP headers of a request to conduct HTTP request splitting attacks [CVE-2007-6245]. Toshiharu Sugiyama of UBsecure, Inc. and JPCERT/CC reported this vulnerability.
A remote user can cause the target user's Flash Player to conduct port scans [CVE-2007-4324].
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can execute scripting code in the context of arbitrary sites.
A remote user can cause the target user's Flash Player to conduct port scans against arbitrary hosts.
|
Solution:
Adobe has issued a fix for Adobe Reader and Adobe Acrobat for CVE-2007-4768.
The vendor's advisory is available at:
http://www.adobe.com/support/security/bulletins/apsb08-13.html
|
Vendor URL: www.adobe.com/support/security/bulletins/apsb07-20.html (Links to External Site)
|
Cause:
Access control error, Boundary error, Input validation error
|
Underlying OS:
Linux (Any), UNIX (OS X), Windows (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 6 May 2008 22:59:06 -0400
Subject: Security Updates available for Adobe Reader and Acrobat 7 and 8
|
http://www.adobe.com/support/security/bulletins/apsb08-13.html
CVE-2007-4768
CVE-2007-5659
CVE-2007-5663
CVE-2007-5666
CVE-2008-0655
CVE-2008-0667
CVE-2008-0726
CVE-2008-2042
|
|
