9.3 - GLSA-200708-01

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Macromedia Flash Player: Remote arbitrary code execution

Informations
Name	GLSA-200708-01	First vendor Publication	2007-08-08
Vendor	Gentoo	Last vendor Modification	2007-08-08
Severity (Vendor)	Normal	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been discovered in Macromedia Flash Player, allowing for the remote execution of arbitrary code.

Background

The Macromedia Flash Player is a renderer for the popular SWF file type which is commonly used to provide interactive websites, digital experiences and mobile content.

Description

Mark Hills discovered some errors when interacting with a browser for keystrokes handling (CVE-2007-2022). Stefano Di Paola and Giorgio Fedon from Minded Security discovered a boundary error when processing FLV files (CVE-2007-3456). An input validation error when processing HTTP referrers has also been reported (CVE-2007-3457).

Impact

A remote attacker could entice a user to open a specially crafted file, possibly leading to the execution of arbitrary code with the privileges of the user running the Macromedia Flash Player, or sensitive data access.

Workaround

There is no known workaround at this time.

Resolution

All Macromedia Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/netscape-flash-9.0.48.0"

References

[ 1 ] CVE-2007-2022 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022
[ 2 ] CVE-2007-3456 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456
[ 3 ] CVE-2007-3457 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3457

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200708-01.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200708-01.xml

CWE : Common Weakness Enumeration

%	Id	Name
33 %	CWE-352	Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
33 %	CWE-200	Information Exposure
33 %	CWE-189	Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11493

Oval ID:	oval:org.mitre.oval:def:11493
Title:	Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.
Description:	Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-3456	Version:	3
Platform(s):	Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5	Product(s):
Definition Synopsis:
IF redhat-release is version 3 AND flash-plugin is earlier than 0:9.0.48.0-1.el3.with.oss OR redhat-release is version 4 AND flash-plugin is earlier than 0:9.0.48.0-1.el4 OR redhat-release is version 5 AND flash-plugin is earlier than 0:9.0.48.0-1.el5

Definition Id: oval:org.mitre.oval:def:21835

Oval ID:	oval:org.mitre.oval:def:21835
Title:	ELSA-2007:0494: kdebase security update (Important)
Description:	Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.
Family:	unix	Class:	patch
Reference(s):	ELSA-2007:0494-02 CVE-2007-2022	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	kdebase
Definition Synopsis:
Oracle Linux 5.x rpm test kdebase is earlier than 6:3.5.4-13.6.el5 AND kdebase-devel is earlier than 6:3.5.4-13.6.el5

Definition Id: oval:org.mitre.oval:def:22507

Oval ID:	oval:org.mitre.oval:def:22507
Title:	ELSA-2007:0696: flash-plugin security update (Critical)
Description:	Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.
Family:	unix	Class:	patch
Reference(s):	ELSA-2007:0696-01 CVE-2007-3456	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	flash-plugin
Definition Synopsis:
Oracle Linux 5.x AND flash-plugin is earlier than 0:9.0.48.0-1.el5

Definition Id: oval:org.mitre.oval:def:24920

Oval ID:	oval:org.mitre.oval:def:24920
Title:	Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet
Description:	Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2007-2022	Version:	7
Platform(s):	Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	Adobe Flash Player
Definition Synopsis:
Adobe Flash Player section Adobe Flash Player 9 is installed AND Adobe Flash Player version is equal to 9.0.28.0 OR Flash.ocx section ActiveX Control is installed AND Determine if the version of Flash.ocx is equals to 9.0.28.0 AND Determine if the version of Flash.ocx is greater than or equal 9.0

Definition Id: oval:org.mitre.oval:def:29400

Oval ID:	oval:org.mitre.oval:def:29400
Title:	Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers (CVE-2007-3457)
Description:	Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2007-3457	Version:	2
Platform(s):	Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	Adobe Flash Player
Definition Synopsis:
Determine if the version of Adobe Flash Player on Windows is less than or equal 8.0.34.0 Adobe Flash Player is installed AND Adobe Flash Player version is less than or equal to 8.0.34.0 OR Flash.ocx section ActiveX Control is installed AND Determine if the version of Flash.ocx is less than or equal 8.0.34.0

Definition Id: oval:org.mitre.oval:def:9332

Oval ID:	oval:org.mitre.oval:def:9332
Title:	Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.
Description:	Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-2022	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section kdebase is earlier than 6:3.1.3-5.16 AND kdebase-devel is earlier than 6:3.1.3-5.16 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kdebase is earlier than 6:3.3.1-5.19.rhel4 AND kdebase-devel is earlier than 6:3.3.1-5.19.rhel4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section kdebase is earlier than 6:3.5.4-13.6.el5 AND kdebase-devel is earlier than 6:3.5.4-13.6.el5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Adobe Flash Player cpe:2.3:a:adobe:flash_player:9.0.9.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.8.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.45.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.31:::::::* cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.28.0::mac_os_x::::: cpe:2.3:a:adobe:flash_player:9.0.28:::::::* cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.20:::::::* cpe:2.3:a:adobe:flash_player:9.0.18d60:::::::* cpe:2.3:a:adobe:flash_player:9.0.16.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.16:::::::* cpe:2.3:a:adobe:flash_player:9.0.16::windows::::: cpe:2.3:a:adobe:flash_player:9.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.42.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.39.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.35.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.34.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.33.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.24.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.22.0:::::::* cpe:2.3:a:adobe:flash_player:8.0:::::::* cpe:2.3:a:adobe:flash_player:8.0::pro::::: cpe:2.3:a:adobe:flash_player:8.0::basic::::: cpe:2.3:a:adobe:flash_player:8::professional::::: cpe:2.3:a:adobe:flash_player:8::pro::::: cpe:2.3:a:adobe:flash_player:7.2:::::::* cpe:2.3:a:adobe:flash_player:7.1.1:::::::* cpe:2.3:a:adobe:flash_player:7.1:::::::* cpe:2.3:a:adobe:flash_player:7.0.73.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.70.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.69.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.68.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.67.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.66.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.63:::::::* cpe:2.3:a:adobe:flash_player:7.0.63::linux::::: cpe:2.3:a:adobe:flash_player:7.0.61.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.60.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.53.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.25:::::::* cpe:2.3:a:adobe:flash_player:7.0.24.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.19.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.14.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.1:::::::* cpe:2.3:a:adobe:flash_player:7.0_r67::solaris::::: cpe:2.3:a:adobe:flash_player:7.0_r67:::::::* cpe:2.3:a:adobe:flash_player:7.0:::::::* cpe:2.3:a:adobe:flash_player:6.0.79:::::::* cpe:2.3:a:adobe:flash_player:6.0.21.0:::::::* cpe:2.3:a:adobe:flash_player:6:::::::* cpe:2.3:a:adobe:flash_player:5:::::::* cpe:2.3:a:adobe:flash_player:4:::::::* cpe:2.3:a:adobe:flash_player:3:::::::* cpe:2.3:a:adobe:flash_player:2:::::::* cpe:2.3:a:adobe:flash_player:mx_2004:::::::* cpe:2.3:a:adobe:flash_player:cs4::pro::::: cpe:2.3:a:adobe:flash_player:cs3::pro::::: cpe:2.3:a:adobe:flash_player:cs3::professional::::: cpe:2.3:a:adobe:flash_player:::::::: cpe:2.3:a:adobe:flash_player:::basic:::::* cpe:2.3:a:adobe:flash_player:::pro:::::* cpe:2.3:a:adobe:flash_player::::::edge::* cpe:2.3:a:adobe:flash_player::::::internet_explorer_11::* cpe:2.3:a:adobe:flash_player::::::chrome::* cpe:2.3:a:adobe:flash_player:-:::::::*	67
Application	Opera Opera Browser cpe:2.3:a:opera:opera_browser:9.12:::::::* cpe:2.3:a:opera:opera_browser:9.10:::::::* cpe:2.3:a:opera:opera_browser:9.02:::::::* cpe:2.3:a:opera:opera_browser:9.01:::::::* cpe:2.3:a:opera:opera_browser:9.0:beta1:::::: cpe:2.3:a:opera:opera_browser:9.0:beta2:::::: cpe:2.3:a:opera:opera_browser:9.0:::::::* cpe:2.3:a:opera:opera_browser:8.54:::::::* cpe:2.3:a:opera:opera_browser:8.53:::::::* cpe:2.3:a:opera:opera_browser:8.52:::::::* cpe:2.3:a:opera:opera_browser:8.51:::::::* cpe:2.3:a:opera:opera_browser:8.50:::::::* cpe:2.3:a:opera:opera_browser:8.02:::::::* cpe:2.3:a:opera:opera_browser:8.01:::::::* cpe:2.3:a:opera:opera_browser:8.0:beta1:::::: cpe:2.3:a:opera:opera_browser:8.0:beta2:::::: cpe:2.3:a:opera:opera_browser:8.0:beta3:::::: cpe:2.3:a:opera:opera_browser:8.0:::::::* cpe:2.3:a:opera:opera_browser:7.60:::::::* cpe:2.3:a:opera:opera_browser:7.54:update2:::::: cpe:2.3:a:opera:opera_browser:7.54:::::::* cpe:2.3:a:opera:opera_browser:7.54:update1:::::: cpe:2.3:a:opera:opera_browser:7.53:::::::* cpe:2.3:a:opera:opera_browser:7.52:::::::* cpe:2.3:a:opera:opera_browser:7.51:::::::* cpe:2.3:a:opera:opera_browser:7.50:beta1:::::: cpe:2.3:a:opera:opera_browser:7.50:::::::* cpe:2.3:a:opera:opera_browser:7.23:::::::* cpe:2.3:a:opera:opera_browser:7.22:::::::* cpe:2.3:a:opera:opera_browser:7.21:::::::* cpe:2.3:a:opera:opera_browser:7.20:beta7:::::: cpe:2.3:a:opera:opera_browser:7.20:::::::* cpe:2.3:a:opera:opera_browser:7.11:::::::* cpe:2.3:a:opera:opera_browser:7.11:beta2:::::: cpe:2.3:a:opera:opera_browser:7.10:beta1:::::: cpe:2.3:a:opera:opera_browser:7.10:::::::* cpe:2.3:a:opera:opera_browser:7.03:::::::* cpe:2.3:a:opera:opera_browser:7.02:::::::* cpe:2.3:a:opera:opera_browser:7.01:::::::* cpe:2.3:a:opera:opera_browser:7.0:::::::* cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:::::: cpe:2.3:a:opera:opera_browser:7.0:beta1:::::: cpe:2.3:a:opera:opera_browser:7.0:beta2:::::: cpe:2.3:a:opera:opera_browser:6.12:::::::* cpe:2.3:a:opera:opera_browser:6.11:::::::* cpe:2.3:a:opera:opera_browser:6.1:beta1:::::: cpe:2.3:a:opera:opera_browser:6.1:::::::* cpe:2.3:a:opera:opera_browser:6.06:::::::* cpe:2.3:a:opera:opera_browser:6.05:::::::* cpe:2.3:a:opera:opera_browser:6.04:::::::* cpe:2.3:a:opera:opera_browser:6.03:::::::* cpe:2.3:a:opera:opera_browser:6.02:::::::* cpe:2.3:a:opera:opera_browser:6.01:::::::* cpe:2.3:a:opera:opera_browser:6.0:beta1:::::: cpe:2.3:a:opera:opera_browser:6.0:tp1:::::: cpe:2.3:a:opera:opera_browser:6.0:beta2:::::: cpe:2.3:a:opera:opera_browser:6.0:::::::* cpe:2.3:a:opera:opera_browser:6.0:tp2:::::: cpe:2.3:a:opera:opera_browser:6.0:tp3:::::: cpe:2.3:a:opera:opera_browser:5.12:::::::* cpe:2.3:a:opera:opera_browser:5.11:::::::* cpe:2.3:a:opera:opera_browser:5.10:::::::* cpe:2.3:a:opera:opera_browser:5.02:::::::* cpe:2.3:a:opera:opera_browser:5.0:beta6:::::: cpe:2.3:a:opera:opera_browser:5.0:beta7:::::: cpe:2.3:a:opera:opera_browser:5.0:beta2:::::: cpe:2.3:a:opera:opera_browser:5.0:beta5:::::: cpe:2.3:a:opera:opera_browser:5.0:beta4:::::: cpe:2.3:a:opera:opera_browser:5.0:::::::* cpe:2.3:a:opera:opera_browser:5.0:beta8:::::: cpe:2.3:a:opera:opera_browser:5.0:beta3::::::	71

OpenVAS Exploits

Date	Description
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-10-10	Name : SLES9: Security update for kdebase3 File : nvt/sles9p5014984.nasl
2009-04-09	Name : Mandriva Update for kdebase MDKSA-2007:138 (kdebase) File : nvt/gb_mandriva_MDKSA_2007_138.nasl
2009-01-28	Name : SuSE Update for flash-player SUSE-SA:2007:046 File : nvt/gb_suse_2007_046.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200708-01 (netscape-flash) File : nvt/glsa_200708_01.nasl
2008-09-04	Name : FreeBSD Ports: linux-flashplugin File : nvt/freebsd_linux-flashplugin1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
38054	Adobe Flash Player Crafted FLV / SWF Handling Overflow
38049	Adobe Flash Player HTTP Referer Header CSRF Flash Player 9.0.45.0 and earlier allow an attacker to manipulate HTTP referrer headers by way of ActionScript. This allows an attacker to spoof the origin of a request and bypass common filters to prevent CSRF. An attacker could leverage this for to issue a CSRF from outside of the target's domain.
34140	Adobe Macromedia Flash Player Plug-in Multiple Browser Remote Keystroke Discl...

Snort® IPS/IDS

Date	Description
2014-01-10	Adobe FLV long string script data buffer overflow attempt RuleID : 12183 - Revision : 18 - Type : FILE-FLASH

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0494.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070613_kdebase_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-0696.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_flash-player-3890.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kdebase3-3407.nasl - Type : ACT_GATHER_INFO
2007-11-14	Name : The remote host is missing a Mac OS X update which fixes a security issue. File : macosx_10_4_11.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_flash-player-3889.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_kdebase3-3347.nasl - Type : ACT_GATHER_INFO
2007-08-13	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200708-01.nasl - Type : ACT_GATHER_INFO
2007-07-18	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b42e8c3234f611dc9bc9001921ab2fa4.nasl - Type : ACT_GATHER_INFO
2007-07-11	Name : The remote Windows host contains a browser plugin that is affected by multipl... File : flash_player_apsb07-12.nasl - Type : ACT_GATHER_INFO
2007-07-04	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-138.nasl - Type : ACT_GATHER_INFO
2007-06-14	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0494.nasl - Type : ACT_GATHER_INFO
2007-06-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0494.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:35:01	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	3
Oval ID(s)	6
CPE ID(s)	138
osvdb(s)	3
Openvas Exploit(s)	6
Snort® Rule(s)	1
Nessus® Exploit(s)	14

	Related
9.3	CVE-2007-3456
6.8	CVE-2007-2022
4.3	CVE-2007-3457
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)