Executive Summary
Summary | |
---|---|
Title | Windows XP Macromedia Flash 6 ActiveX control use-after-free vulnerability |
Informations | |||
---|---|---|---|
Name | VU#204889 | First vendor Publication | 2010-01-12 |
Vendor | VU-CERT | Last vendor Modification | 2010-01-15 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#204889Windows XP Macromedia Flash 6 ActiveX control use-after-free vulnerabilityOverviewThe Macromedia Flash ActiveX control that is provided with Windows XP contains a memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.I. DescriptionMicrosoft Windows XP provides the Macromedia Flash ActiveX control. Depending on the patch level of the system, it may be provided by either flash.ocx or flash6.ocx. This ActiveX control contains a use-after-free vulnerability, which can result in heap memory corruption. Note that this vulnerability does not affect systems that have Flash 9 or later installed, as newer versions of the Flash installer will replace the Macromedia Flash control that is provided by Windows.II. ImpactBy convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code.III. SolutionWe are unaware of a practical solution to this problem. Please see Microsoft Security Advisory (979267) for some workarounds, including:Disable the Flash ActiveX control in Internet Explorer
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{D27CDB6E-AE6D-11cf-96B8-444553540000}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{D27CDB6E-AE6D-11cf-96B8-444553540000}] "Compatibility Flags"=dword:00000400 Adobe has provided instructions for removing the Flash 6 ActiveX control. Alternatively, a utility has been provided to automatically remove the Flash ActiveX control and plug-in. Apply an update This issue can be mitigated by installing the latest version of Adobe Flash. Flash 6 is no longer supported, and installing Adobe Flash 10 will replace the existing Flash ActiveX control(s). Disable ActiveX Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document. Systems Affected
References
This vulnerability was reported by Will Dormann of the CERT/CC, based on information provided by Chad Dougherty of the CERT/CC. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/204889 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-416 | Use After Free |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:7580 | |||
Oval ID: | oval:org.mitre.oval:def:7580 | ||
Title: | Use-after-free vulnerability in Adobe Flash Player 6.0.79 | ||
Description: | Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0378 | Version: | 13 |
Platform(s): | Microsoft Windows XP Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Adobe Flash Player |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2010-01-13 | Name : Adobe Flash Player Remote Code Execution Vulnerability (WinXP) File : nvt/gb_adobe_flash_player_remote_code_exec_vuln_winxp.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
61905 | Adobe Flash Player on Windows Use-after-free Movie Unloading Memory Corruption |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-01-18 | Name : The Flash ActiveX control installed on the remote Windows host has multiple v... File : smb_kb_979267.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:07:35 |
|
2013-05-11 00:56:55 |
|