English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Adobe Flash Player Multiple Vulnerabilities


Secunia ID

SA43267

CVE-ID

CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577, CVE-2011-0578, CVE-2011-0607, CVE-2011-0608

Release Date

09 Feb 2011

Last Change

14 Feb 2011

Criticality

Highly Critical

Solution Status

Vendor Patch

Software

Adobe Flash CS4
Adobe Flash Player 10.x
Adobe Flash Professional CS5
Adobe Flex 4.x

Where

From remote

Impact
System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Description

Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.

1) An integer overflow error in the ActionScript method of the built-in "Function" class can be exploited to cause a heap-based buffer overflow via specially crafted Flash content.

2) An error in a certain ActionScript method can be exploited to cause a user-supplied value to be used as an object pointer via specially crafted Flash content.

3) An unspecified error can be exploited to corrupt memory.

4) Unspecified errors can be exploited to corrupt memory.

5) Certain libraries are loaded in an insecure manner, which can be exploited to load arbitrary libraries by tricking a user into opening a file located on a remote WebDAV or SMB share.

6) An unspecified error exists within the font-parsing functionality.

7) Improper type checking when constructing a certain ActionScript3 object can be exploited to corrupt memory.

8) An unspecified error can be exploited to corrupt memory.

9) An unspecified error can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in version 10.1.102.64 and prior.

Solution

Update to version 10.2.152.26.

Flash Player:
http://www.adobe.com/go/getflash

Flash Player - network distribution:
http://www.adobe.com/licensing/distribution

Flash Professional CS5, Flash CS4 Professional, and Flex 4:
http://www.adobe.com/support/flashplayer/downloads.html#fp10

Reported by

1) Vitaliy Toropov via iDefense
2) An anonymous person via iDefense.
5) Simon Raner, ACROS Security.
7) An anonymous person via ZDI.

The vendor also credits:
3) Will Dormann, CERT.
4) Bo Qu, Palo Alto Networks.
6) Marc Schoenefeld, Red Hat Security Response Team.
8, 9) Tavis Ormandy, Google Security Team.

Original Advisory

Adobe:
http://www.adobe.com/support/security/bulletins/apsb11-02.html

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-11-081/

iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=893
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=894

ACROS Security:
http://www.acrossecurity.com/aspr/ASPR-2011-02-11-2-PUB.txt