=====================================================================
                            CERT-Renater

                Information Note No. 2008/VULN182
_____________________________________________________________________

DATE                 : 28/05/2008

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Adobe Flash player.

======================================================================
http://www.kb.cert.org/vuls/id/395473
______________________________________________________________________

Vulnerability Note VU#395473

Adobe Flash player code execution vulnerability

Overview

Adobe Flash contains a vulnerability that may allow an attacker to run
code on a vulnerable system. There are reports that this vulnerability
is being actively exploited.

I. Description

The Adobe Flash Player is a player for the Flash media format and
enables frame-based animations and multimedia to be viewed within a web
browser.

Adobe Flash Player contains a code execution vulnerability. An attacker
may be able to trigger this overflow by convincing a user to open a
specially crafted SWF file. The SWF file could be hosted or embedded in
a web page. If an attacker can take control of a web site or web server,
this vulnerability may be exploited by trusted sites.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary
code.

III. Solution

We are currently unaware of a solution to this problem.

Workarounds for administrators

  * Ensure that security updates are applied to software running on the
    server.
  * Reverse proxy servers and web application firewalls may be able to
    detect and block some attacks.
  * Administrators and web developers should confirm that third parties
    (such as ad providers) hosting content on their domain are not
    acting as attack vectors for this vulnerability.

Workarounds for users

  * Using the Mozilla Firefox NoScript extension to whitelist web sites
    that can run scripts and access installed plugins may prevent this
    vulnerability from being exploited. Note that NoScript is not likely
    to stop all attack vectors for this vulnerability; see the NoScript
    FAQ for more information.

Systems Affected

Vendor    Status        Date Updated
Adobe     Vulnerable    27-May-2008

References

http://isc.sans.org/diary.html?storyid=4465
http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html
http://www.securityfocus.com/bid/29386
http://noscript.net/
http://www.stopbadware.org/home/security
http://www.owasp.org/index.php/Web_Application_Firewall
http://ddanchev.blogspot.com/2008/05/malware-attack-exploiting-flash-zero.html

Credit

Thanks to SANS for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public                 05/27/2008
Date First Published        05/27/2008 06:20:57 PM
Date Last Updated           05/27/2008
CERT Advisory
CVE Name
US-CERT Technical Alerts
Metric                      65.81
Document Revision           18

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44           +
+ 151 bd de l'Hopital | fax  : 01-53-94-20-41           +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================