Credit:
The information has been provided by Jun Mao.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/
Vulnerable Systems:
* Adobe Flash Player 10.0.22.87
When a specially crafted URL is passed to Flash Player, a heap overflow can occur, which could result in arbitrary code execution.
Exploitation of this vulnerability allows the attacker to execute arbitrary code with the privileges of the current user. To exploit this vulnerability, a targeted user must load a malicious Web page created by an attacker. An attacker typically accomplishes this via social engineering techniques or by injecting content into compromised, trusted sites.
Patch Availability:
Adobe has released an update which addresses this issue. For more information, consult their advisory (APSB09-10) at the following URL: http://www.adobe.com/support/security/bulletins/apsb09-10.html
CVE Information:
CVE-2009-1868
Disclosure Timeline:
04/09/2009 - Initial Contact
04/09/2009 - PoC Requested
04/09/2009 - PoC Sent
07/30/2009 - Adobe releases update for Flash
08/05/2009 - iDefense requests clarification
08/06/2009 - Adobe clarifies fixed issue
08/06/2009 - Public disclosure