English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Adobe Flash Player Multiple Vulnerabilities


Secunia ID

SA41917

CVE-ID

CVE-2010-3636, CVE-2010-3637, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976

Release Date

28 Oct 2010

Last Change

09 Nov 2010

Criticality

Extremely Critical

Solution Status

Vendor Patch

Software

Adobe Flash CS3
Adobe Flash CS4
Adobe Flash Player 10.x
Adobe Flash Player 9.x
Adobe Flash Professional CS5
Adobe Flex 3.x
Adobe Flex 4.x

Where

From remote

Impact
System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Exposure of sensitive information

Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.

Security Bypass

This covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application.

The actual impact varies significantly depending on the design and purpose of the affected application.

Description

Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.

1) An unspecified error can be exploited to execute arbitrary code.

NOTE: The vulnerability is currently being actively exploited.

2) An input validation error can be exploited to bypass cross-domain policy file restrictions when certain server encodings are being used.

3) An unspecified error in the "Flash10h.ocx" ActiveX control can be exploited to corrupt memory and potentially execute arbitrary code.

4) An unspecified error can be exploited to disclose potentially sensitive information.

Successful exploitation of this vulnerability is limited to the Macintosh platform and the Safari browser.

5) An unspecified error can be exploited to cause a crash and potentially execute arbitrary code.

6) Multiple unspecified errors can be exploited to corrupt memory and potentially execute arbitrary code.

7) An error due to loading libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share.

Successful exploitation of this vulnerability may allow execution of arbitrary code.

Solution

Update to a fixed version.

Flash Player 10.1.85.3 and earlier:
Update to version 10.1.102.64 or later.
http://www.adobe.com/go/getflash

Flash Player 9:
Update to version 9.0.289.0 or later.
http://www.adobe.com/go/kb406791

Flash Professional CS5, Flash CS4 Professional and Flex 4:
Update to version 10.1.102.64 or later.
http://www.adobe.com/support/flashplayer/downloads.html#fp10

Flash CS3 Professional and Flex 3:
Update to version 9.0.289.0 or later.

Reported by

1) Reported as a 0-day.
3) Xiaopeng Zhang, Fortinet's FortiGuard Labs
7) Simon Raner, ACROS Security

The vendor credits:
2) Tokuji Akamine, Symantec Consulting Services Japan
4) Erik Osterholm, Texas A&M University
5) Matthew Scott Bergin of Smash The Stack and Bergin Pen. Testing
6) Will Dormman, CERT/CC.

Original Advisory

Adobe:
http://www.adobe.com/support/security/advisories/apsa10-05.html
http://www.adobe.com/support/security/bulletins/apsb10-26.html

Mila Parkour:
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html

ACROS Security:
http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt

Fortinet's FortiGuard Labs:
http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0038.html