微慑信息网

CVE-2007-0071-漏洞详情

CVE-2007-0071
CVSS 9.3
发布时间 :2008-04-09 17:05:00
修订时间 :2011-03-07 00:00:00
NMCOPS

[原文]Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.


[CNNVD]Adobe Flash Player整数溢出漏洞(CNNVD-200804-112)

Flash Player是一款非常流行的FLASH播放器 。

Flash Player 9.0.115.0版本以更早版本中存在整数溢出漏洞。远程攻击者可以借助一个场景的特制SWF文件的任意代码计数的值,用来抵消一个NULL指针,触发缓冲区溢出,导致任意代码执行。


CVSS (基础分值)

CVSS分值: 9.3 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]


CWE (弱点类目)

CWE-189 [数值错误]


CPE (受影响的平台与产品)

cpe:/a:adobe:flex:3.0
cpe:/a:adobe:flash_player:8.0::pro
cpe:/a:adobe:flash_player:9.0.16 Adobe Flash Player 9.0.16
cpe:/a:adobe:flash_player:9.0.31 Adobe Flash Player 9.0.31
cpe:/a:adobe:flash_player:8.0 Adobe Flash Player 8.0
cpe:/a:adobe:flash_player:8.0.24.0 Adobe Flash 8.0.24.0
cpe:/a:adobe:flash_player:9.0.47.0 Adobe Flash Player 9.0.47.0
cpe:/a:adobe:flash_player:7.0.1 Adobe Flash MX 2004
cpe:/a:adobe:flash_player:7.0.63 Adobe Flash Player 7.0.63
cpe:/a:adobe:flash_player:8.0.34.0 Adobe Flash Player 8.0.34.0
cpe:/a:adobe:flash_player:8.0::basic
cpe:/a:adobe:flash_player:7.1.1 Adobe Flash MX 2004
cpe:/a:adobe:flash_player:7.2 Adobe Flash MX 2004
cpe:/a:adobe:flash_player:9.0.28.0 Adobe Flash Player 9.0.28.0
cpe:/a:adobe:flash_player:9.0.114.0 Adobe Flash Player 9.0.114.0
cpe:/a:adobe:flash_player:9.0.31.0 Adobe Flash Player 9.0.31.0
cpe:/a:adobe:flash_player:8.0.35.0 Adobe Flash Player 8.0.35.0
cpe:/a:adobe:air:1.0
cpe:/a:adobe:flash_player:7.0.25 Adobe Flash Player 7.0.25
cpe:/a:adobe:flash_player:7.0 Adobe Flash MX 2004
cpe:/a:adobe:flash_player:9.0.48.0 Adobe Flash Player 9.0.48.0
cpe:/a:adobe:flash_player:9.0.20 Adobe Flash Player 9.0.20
cpe:/a:adobe:flash_player:7.1 Adobe Flash MX 2004
cpe:/a:adobe:flash_player:9.0.112.0 Adobe Flash Player 9.0.112.0
cpe:/a:adobe:flash_player:9
cpe:/a:adobe:flash_player:9.0.20.0 Adobe Flash Player 9.0.20.0
cpe:/a:adobe:flash_player:9.0.45.0 Adobe Flash Player 9.0.45.0
cpe:/a:adobe:flash_player:8.0.39.0 Adobe Flash Player 8.0.39.0
cpe:/a:adobe:flash_player:9.0.115.0 Adobe Flash Player 9.0.115.0


OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10379 Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code vi…
oval:org.mitre.oval:def:22542 ELSA-2008:0221: flash-plugin security update (Critical)
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。


官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0071
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200804-112
(官方数据源) CNNVD


其它链接及资源

http://www.us-cert.gov/cas/techalerts/TA08-150A.html

(UNKNOWN)  CERT  TA08-150A

http://www.us-cert.gov/cas/techalerts/TA08-149A.html

(UNKNOWN)  CERT  TA08-149A

http://www.us-cert.gov/cas/techalerts/TA08-100A.html

(UNKNOWN)  CERT  TA08-100A

http://www.kb.cert.org/vuls/id/395473

(UNKNOWN)  CERT-VN  VU#395473

http://www.kb.cert.org/vuls/id/159523

(UNKNOWN)  CERT-VN  VU#159523

http://xforce.iss.net/getrecord.jsp?id=37277

(UNKNOWN)  XF  multimedia-file-integer-overflow(37277)

http://www.zerodayinitiative.com/advisories/ZDI-08-032/

(UNKNOWN)  MISC  http://www.zerodayinitiative.com/advisories/ZDI-08-032/

http://www.vupen.com/english/advisories/2008/1724/references

(VENDOR_ADVISORY)  VUPEN  ADV-2008-1724

http://www.vupen.com/english/advisories/2008/1697

(VENDOR_ADVISORY)  VUPEN  ADV-2008-1697

http://www.vupen.com/english/advisories/2008/1662/references

(VENDOR_ADVISORY)  VUPEN  ADV-2008-1662

http://www.securitytracker.com/id?1019811

(UNKNOWN)  SECTRACK  1019811

http://www.securityfocus.com/bid/29386

(UNKNOWN)  BID  29386

http://www.securityfocus.com/bid/28695

(UNKNOWN)  BID  28695

http://www.redhat.com/support/errata/RHSA-2008-0221.html

(UNKNOWN)  REDHAT  RHSA-2008:0221

http://www.osvdb.org/44282

(UNKNOWN)  OSVDB  44282

http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/

(UNKNOWN)  MISC  http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/

http://www.iss.net/threats/289.html

(UNKNOWN)  ISS  20080408 Adobe Flash Player Invalid Pointer Vulnerability

http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml

(UNKNOWN)  GENTOO  GLSA-200804-21

http://www.adobe.com/support/security/bulletins/apsb08-11.html

(VENDOR_ADVISORY)  CONFIRM  http://www.adobe.com/support/security/bulletins/apsb08-11.html

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1

(UNKNOWN)  SUNALERT  238305

http://secunia.com/advisories/30507

(VENDOR_ADVISORY)  SECUNIA  30507

http://secunia.com/advisories/30430

(VENDOR_ADVISORY)  SECUNIA  30430

http://secunia.com/advisories/30404

(VENDOR_ADVISORY)  SECUNIA  30404

http://secunia.com/advisories/29865

(VENDOR_ADVISORY)  SECUNIA  29865

http://secunia.com/advisories/29763

(VENDOR_ADVISORY)  SECUNIA  29763

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html

(UNKNOWN)  SUSE  SUSE-SA:2008:022

http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

(UNKNOWN)  APPLE  APPLE-SA-2008-05-28

http://isc.sans.org/diary.html?storyid=4465

(UNKNOWN)  MISC  http://isc.sans.org/diary.html?storyid=4465

http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf

(UNKNOWN)  MISC  http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf

http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html

(UNKNOWN)  MISC  http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html


漏洞信息

Adobe Flash Player整数溢出漏洞
高危 数字错误
2008-04-09 00:00:00 2009-02-03 00:00:00
远程
        Flash Player是一款非常流行的FLASH播放器 。

Flash Player 9.0.115.0版本以更早版本中存在整数溢出漏洞。远程攻击者可以借助一个场景的特制SWF文件的任意代码计数的值,用来抵消一个NULL指针,触发缓冲区溢出,导致任意代码执行。


公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.adobe.com/go/getflash


漏洞信息 (F65643)

Gentoo Linux Security Advisory 200804-21 (PacketStormID:F65643)

2008-04-18 00:00:00
Gentoo  security.gentoo.org

advisory,arbitrary,vulnerability,code execution

linux,gentoo

CVE-2007-0071,CVE-2007-5275,CVE-2007-6019,CVE-2007-6243,CVE-2007-6637,CVE-2008-1654,CVE-2008-1655

[点击下载]

Gentoo Linux Security Advisory GLSA 200804-21 – Multiple vulnerabilities have been identified, the worst of which allow arbitrary code execution on a user’s system via a malicious Flash file. Versions less than 9.0.124.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200804-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe Flash Player: Multiple vulnerabilities
      Date: April 18, 2008
      Bugs: #204344
        ID: 200804-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been identified, the worst of which allow
arbitrary code execution on a user's system via a malicious Flash file.

Background
==========

The Adobe Flash Player is a renderer for the popular SWF file format,
which is commonly used to provide interactive websites, digital
experiences and mobile content.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /   Vulnerable   /             Unaffected
    -------------------------------------------------------------------
  1  net-www/netscape-flash      < 9.0.124.0 >= 9.0.124.0

Description
===========

Multiple vulnerabilities have been discovered in Adobe Flash:

* Secunia Research and Zero Day Initiative reported a boundary error
  related to DeclareFunction2 Actionscript tags in SWF files
  (CVE-2007-6019).

* The ISS X-Force and the Zero Day Initiative reported an unspecified
  input validation error that might lead to a buffer overflow
  (CVE-2007-0071).

* Microsoft, UBsecure and JPCERT/CC reported that cross-domain policy
  files are not checked before sending HTTP headers to another domain
  (CVE-2008-1654) and that it does not sufficiently restrict the
  interpretation and usage of cross-domain policy files
  (CVE-2007-6243).

* The Stanford University and Ernst and Young's Advanced Security
  Center reported that Flash does not pin DNS hostnames to a single IP
  addresses, allowing for DNS rebinding attacks (CVE-2007-5275,
  CVE-2008-1655).

* The Google Security Team and Minded Security Multiple reported
  multiple cross-site scripting vulnerabilities when passing input to
  Flash functions (CVE-2007-6637).

Impact
======

A remote attacker could entice a user to open a specially crafted file
(usually in a web browser), possibly leading to the execution of
arbitrary code with the privileges of the user running the Adobe Flash
Player. The attacker could also cause a user's machine to send HTTP
requests to other hosts, establish TCP sessions with arbitrary hosts,
bypass the security sandbox model, or conduct Cross-Site Scripting and
Cross-Site Request Forgery attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=net-www/netscape-flash-9.0.124.0"

References
==========

  [ 1 ] CVE-2007-0071
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071
  [ 2 ] CVE-2007-5275
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
  [ 3 ] CVE-2007-6019
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019
  [ 4 ] CVE-2007-6243
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
  [ 5 ] CVE-2007-6637
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637
  [ 6 ] CVE-2008-1654
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654
  [ 7 ] CVE-2008-1655
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-21.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


漏洞信息


44282
Adobe Flash Player Unspecified Input Validation Arbitrary Code Execution

Input Manipulation
Loss of Integrity Upgrade
Exploit Commercial Vendor Verified


漏洞描述


时间线


2008-04-09

Unknow
Unknow Unknow


解决方案

Upgrade to version 9.0.124.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


相关参考


漏洞作者

Unknown or Incomplete


漏洞信息

Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability

Input Validation Error

28695
Yes No
2008-04-08 12:00:00 2008-07-15 11:09:00

Mark Dowd of the ISS X-Force, wushi of team509


受影响的程序版本

Turbolinux wizpy 0

Turbolinux FUJI 0

SuSE SUSE Linux Enterprise Desktop 10 SP1

Sun Solaris 10.0_x86

Sun Solaris 10.0

Sun OpenSolaris build snv_88

S.u.S.E. openSUSE 10.3

S.u.S.E. openSUSE 10.2

S.u.S.E. Novell Linux Desktop 9

S.u.S.E. Linux 10.1 x86-64

S.u.S.E. Linux 10.1 x86

S.u.S.E. Linux 10.1 ppc

RedHat Enterprise Linux Extras 4

RedHat Enterprise Linux Extras 3

Red Hat Enterprise Linux Supplementary 5 server

Red Hat Enterprise Linux Desktop Supplementary 5 client

Nortel Networks Self-Service Peri Workstation 0

Nortel Networks Self-Service Peri Application 0

Nortel Networks Self-Service MPS 1000 0

Nortel Networks Self-Service Media Processing Server 0

Nortel Networks Self-Service – CCSS7 0

Nortel Networks Self-Service 0

Gentoo Linux

Apple Mac OS X Server 10.5.2

Apple Mac OS X Server 10.5.1

Apple Mac OS X Server 10.4.11

Apple Mac OS X Server 10.5

Apple Mac OS X 10.5.2

Apple Mac OS X 10.5.1

Apple Mac OS X 10.4.11

Apple Mac OS X 10.5

Adobe Flex 3.0

Adobe Flash Professional 8

Adobe Flash Player Plugin 9.0.31 .0

Adobe Flash Player Plugin 9.0.28 .0

Adobe Flash Player Plugin 9.0.20 .0

Adobe Flash Player Plugin 9.0.16

Adobe Flash Player Plugin 8.0

Adobe Flash Player Plugin 9.0.18d60

Adobe Flash Player 9.0.48.0

Adobe Flash Player 9.0.47.0

Adobe Flash Player 9.0.45.0

Adobe Flash Player 9.0.31.0

Adobe Flash Player 9.0.28.0

Adobe Flash Player 9.0.115.0

Adobe Flash Player 9

Adobe Flash Player 8.0.35.0

Adobe Flash Player 8.0.34.0

Adobe Flash CS3 Professional 0

Adobe Flash Basic 8

Adobe AIR 1.0

Adobe Flash Professional 8 8.0.42.0

Adobe Flash Player Plugin 9.0.124.0

Adobe Flash Player 9.0.124 .0

Adobe Flash Basic 8.0.42.0

Adobe AIR 1.01


不受影响的程序版本

Adobe Flash Professional 8 8.0.42.0

Adobe Flash Player Plugin 9.0.124.0

Adobe Flash Player 9.0.124 .0

Adobe Flash Basic 8.0.42.0

Adobe AIR 1.01


漏洞讨论

Adobe Flash Player is prone to a remote buffer-overflow vulnerability when handling multimedia files with certain tags.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Adobe Flash Player 9.0.115.0 and earlier versions are affected.

NOTE: This issue has been fixed in all versions of Adobe Flash Player 9.0.124.0.

Initial investigations suggested that the vulnerability had not been patched in the standalone Adobe Flash Player version 9.0.124.0 for Linux and the standalone Adobe Flash Player version 9.0.124.0 with debug capabilities for Microsoft Windows. The observed behavior that led to this initial conclusion has since been confirmed by Adobe as intended by design.


漏洞利用

“Application-Specific Attacks: Leveraging the ActionScript Virtual Machine”, a paper by Mark Dowd of X-Force IBM ISS, describes in detail the techniques required to exploit this issue and serves as a proof of concept. Please see the references for more information.

An exploit and a proof of concept are available for members of Immunity’s CANVAS Early Update Program:

https://www.immunityinc.com/downloads/immpartners/flash_duke.tgz
https://www.immunityinc.com/downloads/immpartners/CVE-2007-0071.tgz

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

Symantec has observed that this issue is being actively exploited in the wild.

UPDATE: Continued investigation reveals that this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages), most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.


解决方案

The vendor released Flash Player 9.0.124.0 to address this issue. Please see the references for more information.

Apple Mac OS X Server 10.5

 

 

Apple Mac OS X 10.5

 

 

Apple Mac OS X Server 10.4.11

 

 

Apple Mac OS X 10.4.11

 

 

Apple Mac OS X 10.5.1

 

 

Apple Mac OS X Server 10.5.1

 

 

Apple Mac OS X 10.5.2

 

 

Apple Mac OS X Server 10.5.2

 

 


相关参考

赞(0) 打赏
转载请附本站链接,未经允许不得转载,,谢谢:微慑信息网-VulSee.com » CVE-2007-0071-漏洞详情

评论 抢沙发

微慑信息网 专注工匠精神

微慑信息网-VulSee.com-关注前沿安全态势,聚合网络安全漏洞信息,分享安全文档案例

访问我们联系我们

觉得文章有用就打赏一下文章作者

非常感谢你的打赏,我们将继续提供更多优质内容,让我们一起创建更加美好的网络世界!

支付宝扫一扫

微信扫一扫

登录

找回密码

注册