HighBlackICE Server Protection, BlackICE PC Protection, RealSecure Server Sensor, RealSecure Network, Proventia-G 1.1 and earlier, Proventia Desktop, Proventia Network IPS, Proventia Server IPS for Linux technology, Proventia Network MFS, Proventia Server IPS for Microsoft Windows technology:
This signature detects an overflow in a multimedia file that couldresult in remote code execution.
High
BlackICE Server Protection: 3.6.cqr, BlackICE PC Protection: 3.6cqr, RealSecure Server Sensor: XPU 27.110, RealSecure Network: XPU 27.110, Proventia-G 1.1 and earlier: XPU 27.110, Proventia Desktop: 2120, Proventia Network IPS: XPU 27.110, Proventia Server IPS for Linux technology: 27.110, Proventia Network MFS: XPU 27.110, Proventia Server IPS for Microsoft Windows technology: 1.0.914.2120
Adobe Flash Player: 8.0.39.0, Sun OpenSolaris: 2008.5 x86, Adobe Flash Player: 9.0.124.0, Sun OpenSolaris: 2008.5 SPARC, Novell OpenSUSE: 10.3, Novell OpenSUSE: 10.2, Apple Mac OS X: 10.5, Apple Mac OS X: 10.4.11, Apple Mac OS X: 10.5.1, Apple Mac OS X Server: 10.5, RedHat RHEL Supplementary: 5 Server, RedHat RHEL Desktop Supplementary: 5 Client, Novell SUSE Linux Enterprise Desktop: 10 SP1, Apple Mac OS X Server: 10.5.1, Adobe Flash Player: 9.0.28, Apple Mac OS X Server: 10.4.11, Adobe Flash Player: 9.0.16, Adobe Flash Player: 8.0, Adobe Flash Player: 9.0.47.0, Adobe Flash Player: 9.0.48.0, Adobe Flash Player: 9.0.115.0, Adobe Flash Player: 9.0.45.0, Adobe Flash Player: 8.0.35.0, Adobe Flash Player: 8.0.34.0, Adobe Flash Player: 9.0.31, Adobe Flash Player: 9.0.20.0, Adobe Flash Player: 9.0.18d60, Adobe Flash Player: 9.0.28.0, Adobe Flash Player: 9.0.31.0, Apple Mac OS X: 10.5.2, Apple Mac OS X Server: 10.5.2, Adobe Flex: 3.0, Adobe AIR: 1.0, Adobe Flash Player: 8.0.24.0, Adobe Flash Player: 9.0.114.0, Adobe Flash Player: 9.0.20, Adobe Flash Player: 9, RedHat RHEL Extras: 4, RedHat RHEL Extras: 3, Sun Solaris: 10 SPARC, Sun Solaris: 10 x86, Novell Linux Desktop: 9, SuSE SuSE Linux: 9.0, Gentoo Linux
Unauthorized Access Attempt
Adobe Flash Player is vulnerable to a buffer overflow, caused by an integer overflow vulnerability in the processing of multimedia files containing a specific tag. By persuading a victim to open a malicious multimedia file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Refer to APSB08-11 for patch, upgrade or suggested workaround information. See References.
For Mac OS X:
Apply Security Update 2008-003, available from the Apple Web site. See References.
For other distributions:
Apply the appropriate update for your system. See References.
IBM Internet Security Systems Protection Advisory, April 8, 2008
Adobe Flash Player Invalid Pointer Vulnerability
http://www.iss.net/threats/289.html
APSB08-11
Flash Player update available to address security vulnerabilities
http://www.adobe.com/support/security/bulletins/apsb08-11.html
SANS - Internet Storm Center, 2008-05-27
Adobe flash player vuln
http://isc.sans.org/diary.html?storyid=4465
Adobe Product Security Incident Response Team (PSIRT) Blog, May 27, 2008 11:05 AM
Potential Flash Player issue
http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html
Dancho Danchev's Blog, Tuesday, May 27, 2008
Malware Attack Exploiting Flash Zero Day Vulnerability
http://ddanchev.blogspot.com/2008/05/malware-attack-exploiting-flash-zero.html
Apple Web site
About the security content of Security Update 2008-003 / Mac OS X 10.5.3
http://support.apple.com/kb/HT1897
Sun Alert ID: 238305
Multiple Security Vulnerabilities in Flash Player for Solaris
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238305-1
NORTEL BULLETIN ID: 2008008954, Rev 1
Nortel Response to Sun Alert 238305 - Multiple Security Vulnerabilities in Flash Player for Solaris 10
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=745016
ISS X-Force
Adobe Flash Player invalid pointer integer overflow
http://www.iss.net/security_center/static/37277.php
CVE
CVE-2007-0071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071