Adobe Flash Player sequence code execution (Adobe_Flash_Player_SetNALUnit_Exec)

About this signature or vulnerability

IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, IBM Security Host Protection for Desktops, Proventia Network IPS, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware, IBM Security Host Protection for Servers (Unix):

This signature detects a specially crafted MP4 file that could cause an error in the sequenceParameterSetNALUnit component of Adobe Flash Player and allow remote code execution. The signature triggers when a certain value within the NAL Unit data exceeds pam.quicktime.set.nal.unit.limit (default 256)


Default risk level

High risk vulnerability  High

Sensors that have this signature

IBM Security Host Protection for Servers (Windows): 2.1.14.2735, RealSecure Server Sensor: XPU 32.021, Proventia Network IDS: XPU 32.021, Proventia-G 1.1 and earlier: XPU 32.021, Proventia Network MFS: XPU 32.021, IBM Security Host Protection for Desktops: 2735, Proventia Network IPS: XPU 32.021, Proventia Server IPS for Linux technology: 32.021, Virtual Server Protection for Vmware: XPU 32.021, IBM Security Host Protection for Servers (Unix): 2.2.2

Systems affected

Sun Solaris: 10, HP Systems Insight Manager: 4.2 SP1, HP Systems Insight Manager: 4.2 SP2, HP Systems Insight Manager: 5.0 SP1, HP Systems Insight Manager: 5.0 SP2, HP Systems Insight Manager: 5.0 SP3, RedHat RHEL Extras: 4, HP Systems Insight Manager: 5.0 SP5, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, HP Systems Insight Manager: 4.0, HP Systems Insight Manager: 5.0, Adobe Flash Player: 10.0.12.10, Adobe Flash Player: 10.0.0.584, Adobe Flash Player: 10.0.12.36, Adobe Flash Player: 10.0.22.87, Adobe Flash Player: 10.0.32.18, HP Systems Insight Manager: 5.3, HP Systems Insight Manager: 5.3 Update 1, HP Systems Insight Manager: 6.0, HP Systems Insight Manager: 6.1, Adobe Flash Player: 10.1.85.3, Adobe Flash Player: 10.1.95.2, Adobe Flash Player: 10.1.102.64, Adobe Flash Player: 10.2.154.13, Adobe Flash Player: 10.2.152.33, Adobe Flash Player: 10.2.152.21, Adobe Flash Player: 10.2.153.1, Adobe Flash Player: 10.2.154.25, Adobe Flash Player: 10.2.156.12, Adobe Flash Player: 10.2.157.51, Adobe Flash Player: 10.2.159.1, Adobe Flash Player: 10.2.154.28, Google Chrome: 13, Adobe Flash Player: 10.3.181.34, Adobe Flash Player: 10.3.181.25, BlackBerry BlackBerry PlayBook Tablet: 1.0.7.2942, Oracle Solaris: 11 Express, RedHat Enterprise Linux Server Supplementary : 6, RedHat Enterprise Linux Workstation Supplementary : 6, RedHat Enterprise Linux Desktop Supplementary : 6, HP Systems Insight Manager: 5.0 SP6, HP Systems Insight Manager: 6.2, HP Systems Insight Manager: 6.3

Type

Unauthorized Access Attempt

Vulnerability description

Adobe Flash Player could allow a remote attacker to execute arbitrary code on the system, caused by an error in the sequenceParameterSetNALUnit component. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system.

How to remove this vulnerability

Refer to APSB11-21 for patch, upgrade or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

References

APSB11-21
Security updates available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb11-21.html

ZDI-11-276
Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-276/

Blackberry Security Advisory KB28400
Vulnerabilities in Adobe Flash Player version included with the BlackBerry PlayBook tablet
http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB28400

Sun Product Security Blog, Nov 01, 2011
Multiple vulnerabilities in Adobe Flashplayer
http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer1

Sun Product Security Blog, Nov 01, 2011
Multiple vulnerabilities in Adobe Flashplayer
http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer2

Offensive Security Exploit Database [01-31-2012]
Adobe Flash Player MP4 SequenceParameterSetNALUnit Remote Code Execution Exploit
http://www.exploit-db.com/exploits/18437/

Offensive Security Exploit Database [02-10-2012]
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
http://www.exploit-db.com/exploits/18479/

HPSBMU02769 SSRT100846
HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, and Other Vulnerabilities
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151

ZDI-11-276
Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-276

ZDI-11-276
Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-276

ZDI-11-276
Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-276

ISS X-Force
Adobe Flash Player sequence code execution
http://www.iss.net/security_center/static/69102.php

CVE
CVE-2011-2140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2140