| CVE-2007-0071 |
|
发布时间 :2008-04-09 17:05:00 | ||
| 修订时间 :2011-03-07 00:00:00 | ||||
| NMCOPS |
[原文]Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.
[CNNVD]Adobe Flash Player整数溢出漏洞(CNNVD-200804-112)
Flash Player是一款非常流行的FLASH播放器 。
Flash Player 9.0.115.0版本以更早版本中存在整数溢出漏洞。远程攻击者可以借助一个场景的特制SWF文件的任意代码计数的值,用来抵消一个NULL指针,触发缓冲区溢出,导致任意代码执行。
–
CVSS (基础分值)
| CVSS分值: | 9.3 | [严重(HIGH)] |
| 机密性影响: | COMPLETE | [完全的信息泄露导致所有系统文件暴露] |
| 完整性影响: | COMPLETE | [系统完整性可被完全破坏] |
| 可用性影响: | COMPLETE | [可能导致系统完全宕机] |
| 攻击复杂度: | MEDIUM | [漏洞利用存在一定的访问条件] |
| 攻击向量: | NETWORK | [攻击者不需要获取内网访问权或本地访问权] |
| 身份认证: | NONE | [漏洞利用无需身份认证] |
–
CWE (弱点类目)
| CWE-189 | [数值错误] |
–
CPE (受影响的平台与产品)
| cpe:/a:adobe:flex:3.0 | |
| cpe:/a:adobe:flash_player:8.0::pro | |
| cpe:/a:adobe:flash_player:9.0.16 | Adobe Flash Player 9.0.16 |
| cpe:/a:adobe:flash_player:9.0.31 | Adobe Flash Player 9.0.31 |
| cpe:/a:adobe:flash_player:8.0 | Adobe Flash Player 8.0 |
| cpe:/a:adobe:flash_player:8.0.24.0 | Adobe Flash 8.0.24.0 |
| cpe:/a:adobe:flash_player:9.0.47.0 | Adobe Flash Player 9.0.47.0 |
| cpe:/a:adobe:flash_player:7.0.1 | Adobe Flash MX 2004 |
| cpe:/a:adobe:flash_player:7.0.63 | Adobe Flash Player 7.0.63 |
| cpe:/a:adobe:flash_player:8.0.34.0 | Adobe Flash Player 8.0.34.0 |
| cpe:/a:adobe:flash_player:8.0::basic | |
| cpe:/a:adobe:flash_player:7.1.1 | Adobe Flash MX 2004 |
| cpe:/a:adobe:flash_player:7.2 | Adobe Flash MX 2004 |
| cpe:/a:adobe:flash_player:9.0.28.0 | Adobe Flash Player 9.0.28.0 |
| cpe:/a:adobe:flash_player:9.0.114.0 | Adobe Flash Player 9.0.114.0 |
| cpe:/a:adobe:flash_player:9.0.31.0 | Adobe Flash Player 9.0.31.0 |
| cpe:/a:adobe:flash_player:8.0.35.0 | Adobe Flash Player 8.0.35.0 |
| cpe:/a:adobe:air:1.0 | |
| cpe:/a:adobe:flash_player:7.0.25 | Adobe Flash Player 7.0.25 |
| cpe:/a:adobe:flash_player:7.0 | Adobe Flash MX 2004 |
| cpe:/a:adobe:flash_player:9.0.48.0 | Adobe Flash Player 9.0.48.0 |
| cpe:/a:adobe:flash_player:9.0.20 | Adobe Flash Player 9.0.20 |
| cpe:/a:adobe:flash_player:7.1 | Adobe Flash MX 2004 |
| cpe:/a:adobe:flash_player:9.0.112.0 | Adobe Flash Player 9.0.112.0 |
| cpe:/a:adobe:flash_player:9 | |
| cpe:/a:adobe:flash_player:9.0.20.0 | Adobe Flash Player 9.0.20.0 |
| cpe:/a:adobe:flash_player:9.0.45.0 | Adobe Flash Player 9.0.45.0 |
| cpe:/a:adobe:flash_player:8.0.39.0 | Adobe Flash Player 8.0.39.0 |
| cpe:/a:adobe:flash_player:9.0.115.0 | Adobe Flash Player 9.0.115.0 |
–
OVAL (用于检测的技术细节)
| oval:org.mitre.oval:def:10379 | Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code vi… |
| oval:org.mitre.oval:def:22542 | ELSA-2008:0221: flash-plugin security update (Critical) |
| *OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。 | |
–
官方数据库链接
–
其它链接及资源
–
漏洞信息
| Adobe Flash Player整数溢出漏洞 | |
| 高危 | 数字错误 |
| 2008-04-09 00:00:00 | 2009-02-03 00:00:00 |
| 远程 | |
| Flash Player是一款非常流行的FLASH播放器 。
Flash Player 9.0.115.0版本以更早版本中存在整数溢出漏洞。远程攻击者可以借助一个场景的特制SWF文件的任意代码计数的值,用来抵消一个NULL指针,触发缓冲区溢出,导致任意代码执行。 |
|
–
公告与补丁
| 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: |
–
漏洞信息 (F65643)
| Gentoo Linux Security Advisory 200804-21 (PacketStormID:F65643) |
2008-04-18 00:00:00 |
| Gentoo security.gentoo.org |
advisory,arbitrary,vulnerability,code execution |
linux,gentoo |
CVE-2007-0071,CVE-2007-5275,CVE-2007-6019,CVE-2007-6243,CVE-2007-6637,CVE-2008-1654,CVE-2008-1655 |
[点击下载] |
|
Gentoo Linux Security Advisory GLSA 200804-21 – Multiple vulnerabilities have been identified, the worst of which allow arbitrary code execution on a user’s system via a malicious Flash file. Versions less than 9.0.124.0 are affected. |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200804-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: April 18, 2008
Bugs: #204344
ID: 200804-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been identified, the worst of which allow
arbitrary code execution on a user's system via a malicious Flash file.
Background
==========
The Adobe Flash Player is a renderer for the popular SWF file format,
which is commonly used to provide interactive websites, digital
experiences and mobile content.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-www/netscape-flash < 9.0.124.0 >= 9.0.124.0
Description
===========
Multiple vulnerabilities have been discovered in Adobe Flash:
* Secunia Research and Zero Day Initiative reported a boundary error
related to DeclareFunction2 Actionscript tags in SWF files
(CVE-2007-6019).
* The ISS X-Force and the Zero Day Initiative reported an unspecified
input validation error that might lead to a buffer overflow
(CVE-2007-0071).
* Microsoft, UBsecure and JPCERT/CC reported that cross-domain policy
files are not checked before sending HTTP headers to another domain
(CVE-2008-1654) and that it does not sufficiently restrict the
interpretation and usage of cross-domain policy files
(CVE-2007-6243).
* The Stanford University and Ernst and Young's Advanced Security
Center reported that Flash does not pin DNS hostnames to a single IP
addresses, allowing for DNS rebinding attacks (CVE-2007-5275,
CVE-2008-1655).
* The Google Security Team and Minded Security Multiple reported
multiple cross-site scripting vulnerabilities when passing input to
Flash functions (CVE-2007-6637).
Impact
======
A remote attacker could entice a user to open a specially crafted file
(usually in a web browser), possibly leading to the execution of
arbitrary code with the privileges of the user running the Adobe Flash
Player. The attacker could also cause a user's machine to send HTTP
requests to other hosts, establish TCP sessions with arbitrary hosts,
bypass the security sandbox model, or conduct Cross-Site Scripting and
Cross-Site Request Forgery attacks.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=net-www/netscape-flash-9.0.124.0"
References
==========
[ 1 ] CVE-2007-0071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071
[ 2 ] CVE-2007-5275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
[ 3 ] CVE-2007-6019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019
[ 4 ] CVE-2007-6243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
[ 5 ] CVE-2007-6637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637
[ 6 ] CVE-2008-1654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654
[ 7 ] CVE-2008-1655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200804-21.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
–
漏洞信息
44282 |
|
| Adobe Flash Player Unspecified Input Validation Arbitrary Code Execution | |
Input Manipulation |
|
| Loss of Integrity | Upgrade |
| Exploit Commercial | Vendor Verified |
–
漏洞描述
–
时间线
2008-04-09 |
Unknow |
| Unknow | Unknow |
–
解决方案
| Upgrade to version 9.0.124.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. |
–
相关参考
漏洞作者
| Unknown or Incomplete |
–
漏洞信息
| Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability | |
Input Validation Error |
28695 |
| Yes | No |
| 2008-04-08 12:00:00 | 2008-07-15 11:09:00 |
Mark Dowd of the ISS X-Force, wushi of team509 |
|
–
受影响的程序版本
| Turbolinux wizpy 0
Turbolinux FUJI 0 SuSE SUSE Linux Enterprise Desktop 10 SP1 Sun Solaris 10.0_x86 Sun Solaris 10.0 Sun OpenSolaris build snv_88 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc RedHat Enterprise Linux Extras 4 RedHat Enterprise Linux Extras 3 Red Hat Enterprise Linux Supplementary 5 server Red Hat Enterprise Linux Desktop Supplementary 5 client Nortel Networks Self-Service Peri Workstation 0 Nortel Networks Self-Service Peri Application 0 Nortel Networks Self-Service MPS 1000 0 Nortel Networks Self-Service Media Processing Server 0 Nortel Networks Self-Service – CCSS7 0 Nortel Networks Self-Service 0 Gentoo Linux Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.5 Adobe Flex 3.0 Adobe Flash Professional 8 Adobe Flash Player Plugin 9.0.31 .0 Adobe Flash Player Plugin 9.0.28 .0 Adobe Flash Player Plugin 9.0.20 .0 Adobe Flash Player Plugin 9.0.16 Adobe Flash Player Plugin 8.0 Adobe Flash Player Plugin 9.0.18d60 Adobe Flash Player 9.0.48.0 Adobe Flash Player 9.0.47.0 Adobe Flash Player 9.0.45.0 Adobe Flash Player 9.0.31.0 Adobe Flash Player 9.0.28.0 Adobe Flash Player 9.0.115.0 Adobe Flash Player 9 Adobe Flash Player 8.0.35.0 Adobe Flash Player 8.0.34.0 Adobe Flash CS3 Professional 0 Adobe Flash Basic 8 Adobe AIR 1.0 Adobe Flash Professional 8 8.0.42.0 Adobe Flash Player Plugin 9.0.124.0 Adobe Flash Player 9.0.124 .0 Adobe Flash Basic 8.0.42.0 Adobe AIR 1.01 |
–
不受影响的程序版本
| Adobe Flash Professional 8 8.0.42.0
Adobe Flash Player Plugin 9.0.124.0 Adobe Flash Player 9.0.124 .0 Adobe Flash Basic 8.0.42.0 Adobe AIR 1.01 |
–
漏洞讨论
| Adobe Flash Player is prone to a remote buffer-overflow vulnerability when handling multimedia files with certain tags.
An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Flash Player 9.0.115.0 and earlier versions are affected. NOTE: This issue has been fixed in all versions of Adobe Flash Player 9.0.124.0. Initial investigations suggested that the vulnerability had not been patched in the standalone Adobe Flash Player version 9.0.124.0 for Linux and the standalone Adobe Flash Player version 9.0.124.0 with debug capabilities for Microsoft Windows. The observed behavior that led to this initial conclusion has since been confirmed by Adobe as intended by design. |
–
漏洞利用
| “Application-Specific Attacks: Leveraging the ActionScript Virtual Machine”, a paper by Mark Dowd of X-Force IBM ISS, describes in detail the techniques required to exploit this issue and serves as a proof of concept. Please see the references for more information.
An exploit and a proof of concept are available for members of Immunity’s CANVAS Early Update Program: https://www.immunityinc.com/downloads/immpartners/flash_duke.tgz Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild. Symantec has observed that this issue is being actively exploited in the wild. UPDATE: Continued investigation reveals that this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages), most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue. |
–
解决方案
–
相关参考
|
![[八卦] 王婷婷—揭秘一个大三女生的性爱录像-微慑信息网-VulSee.com](http://free.86hy.com/crack/pic/1.jpg)
![[随笔]今天国际警察节-微慑信息网-VulSee.com](http://photo.sohu.com/20041017/Img222528326.jpg)
青云网
