English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Adobe Flash Player Multiple Vulnerabilities


Secunia ID

SA49388

CVE-ID

CVE-2012-2034, CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2038, CVE-2012-2039, CVE-2012-2040

Release Date

10 Jun 2012

Last Change

18 Jun 2012

Criticality

Highly Critical

Solution Status

Vendor Patch

Software

Adobe AIR 3.x
Adobe Flash Player 11.x

Where

From remote

Impact
System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Security Bypass

This covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application.

The actual impact varies significantly depending on the design and purpose of the affected application.

Description

Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

1) An error when parsing ActionScript can be exploited to corrupt memory.

2) An unspecified error can be exploited to cause a stack-based buffer overflow.

3) An integer overflow error can be exploited to corrupt memory.

4) An error within NPSWF32.dll when parsing certain tags can be exploited to corrupt memory.

5) An error in the "SoundMixer.computeSpectrum()" method can be exploited to bypass the same-origin policy.

6) Unspecified errors related to "null dereference" may reportedly allow code execution.

7) An unspecified error in the installer allows planting a binary file and may allow execution of arbitrary code.

The vulnerabilities are reported in the following versions:
* Adobe Flash Player 11.2.202.235 and earlier for Windows, Macintosh and Linux
* Adobe Flash Player 11.1.115.8 and earlier for Android 4.x
* Adobe Flash Player 11.1.111.9 and earlier for Android 3.x and 2.x
* Adobe AIR 3.2.0.2070 and earlier for Windows, Macintosh and Android

Solution

Update to a fixed version.

Flash Player 11.2.202.235 and earlier for Windows and Macintosh:
Update to version 11.3.300.257.
http://www.adobe.com/go/getflash

Flash Player 11.2.202.235 and earlier - network distribution:
Update to version 11.3.300.257.
http://www.adobe.com/licensing/distribution

Flash Player 11.2.202.235 and earlier for Linux:
Update to version 11.2.202.236.
http://www.adobe.com/go/getflash

Flash Player 11.1.115.8 and earlier for Android 4.x:
Update to version 11.1.115.9.
https://market.android.com/details?id=com.adobe.flashplayer&hl=en

Flash Player 11.1.111.9 and earlier for Android 3.x and 2.x:
Update to version 11.1.111.10.
https://market.android.com/details?id=com.adobe.flashplayer&hl=en

Flash Player 11.2.202.235 and earlier for Chrome users:
Update to version 11.3.300.257.
http://googlechromereleases.blogspot.com/

AIR 3.2.0.2070:
Update to version 3.3.0.3610.
http://get.adobe.com/air/

AIR 3.2.0.2070 for Android:
Update to version 3.3.0.3610.
http://market.android.com/details?id=com.adobe.air

Reported by

1) wushi of team509 via iDefense VCP.
4) Kai Lu, Fortinet's FortiGuard Labs.
5) Mitsuaki Shiraishi, Symantec Japan via JPCERT/CC.

The vendor credits:
2) Manuel Caballero, Microsoft Vulnerability Research (MSVR).
3) Haifei Li, Microsoft Malware Protection Center (MMPC) and Microsoft Vulnerability Research (MSVR).
6) Tavis Ormandy, Google Security Team.
7) An anonymous person.

Original Advisory

Adobe:
http://www.adobe.com/support/security/bulletins/apsb12-14.html

JVN:
http://jvn.jp/en/jp/JVN38163638/index.html
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000046.html

Fortinet's FortiGuard Labs:
http://www.fortiguard.com/advisory/FGA-2012-17.html

iDefense:
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=987