SecuriTeam - Adobe Flash Player URL Parsing Heap Overflow Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

CanSecWest 2012

2nd Annual Cyber Security

Hack In Paris

Adobe Flash Player is a cross-platform browser plug-in that delivers interactive content for Web experiences. Remote exploitation of a heap overflow vulnerability in Adobe Systems Inc's Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user.

Credit:
The information has been provided by Jun Mao.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Adobe Flash Player 10.0.22.87

When a specifically crafted URL is passed to Flash Player, a heap overflow can occur and could result in arbitrary code execution.

Exploitation of this vulnerability allows the attacker to execute arbitrary code with the privileges of the current user. To exploit this vulnerability, a targeted user must load a malicious Web page created by an attacker. An attacker typically accomplishes this via social engineering techniques or injecting content into compromised, trusted sites.

Patch Availability:
Adobe has released an update which addresses this issue. For more information, consult their advisory (APSB09-10) at the following URL: http://www.adobe.com/support/security/bulletins/apsb09-10.html

CVE Information:
CVE-2009-1868

Disclosure Timeline:
04/09/2009 - Initial Contact 04/09/2009 - PoC Requested
04/09/2009 - PoC Sent
07/30/2009 - Adobe releases update for Flash
08/05/2009 - iDefense requests clarification
08/06/2009 - Adobe clarifies fixed issue
08/06/2009 - Public disclosure

blog comments powered by Disqus

	HP Data Protector LogBackupLocationStatus SQL Injection Vulnerabilty
	InduSoft WebStudio Unauthenticated Operations Code Execution Vulnerabilityy
	InduSoft WebStudio CEServer Operation 0x15 Code Execution Vulnerability
	HP Data Protector Notebook Extension RequestCopy SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogClientInstallation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension GetPolicies SQL Injection Vulnerabilty
	GE Proficy Historian ihDataArchiver.exe Trusted Header Size Code Execution Vulnerability
	HP Data Protector Notebook Extension LogClientHealth SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogCopyOperation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension FinishedCopy SQL Injection Vulnerabilty
	Novell ZENWorks Software Packaging ISGrid.Grid2.1 Text Parameter Code Execution Vulnerabilit
	Adobe Reader BMP Image RLE Decoding Code Execution Vulnerability
	Apple QuickTime H264 Matrix Conversion Code Execution Vulnerability
	Apple QuickTime FLC Delta Decompression Code Execution Vulnerability
	Apple Quicktime PnPixPat PatType 3 Parsing Code Execution Vulnerability