HighProventia Desktop, Proventia Network IPS, RealSecure Network, RealSecure Server Sensor, Proventia Network MFS, Proventia Network IDS, Proventia-G 1.1 and earlier, IBM Security Server Protection for Windows, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:
This signature detects the transfer of a SWF file (Flash animation) containing a suspicious ActionScript definition that may be used to obfuscate an attacker's malicious actions.
Proventia Desktop, Proventia Network IPS, RealSecure Network, RealSecure Server Sensor, Proventia Network MFS, Proventia Network IDS, Proventia-G 1.1 and earlier, IBM Security Server Protection for Windows, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology: This signature could be triggered by non-malicious SWF files that have extensive custom atypical ActionScript code.
High
Proventia Desktop: 2400, Proventia Network IPS: XPU 29.060, RealSecure Network: XPU 29.060, RealSecure Server Sensor: XPU 29.060, Proventia Network MFS: XPU 29.060, Proventia Network IDS: XPU 29.060, Proventia-G 1.1 and earlier: XPU 29.060, IBM Security Server Protection for Windows: 1.0.914.2400, IBM Security Server Protection for Windows: 2.0.300.2400, IBM Security Server Protection for Windows: 2.1.14.2400, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 29.060
Gentoo Linux, SUSE SuSE Linux: 9.0, Novell Linux Desktop: 9, Sun Solaris: 10 SPARC, Sun Solaris: 10 x86, RedHat RHEL Extras: 3, RedHat RHEL Extras: 4, Adobe Flash Player: 9, Novell SUSE Linux Enterprise Desktop: 10 SP1, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, Apple Mac OS X: 10.5, Apple Mac OS X Server: 10.5, Apple Mac OS X: 10.4.11, Apple Mac OS X: 10.5.1, Apple Mac OS X Server: 10.4.11, Apple Mac OS X Server: 10.5.1, Adobe Flash Player: 9.0.28, Adobe Flash Player: 9.0.31, Adobe Flash Player: 8.0.34.0, Adobe Flash Player: 8.0.35.0, Adobe Flash Player: 9.0.45.0, Adobe Flash Player: 9.0.47.0, Adobe Flash Player: 9.0.48.0, Adobe Flash Player: 9.0.115.0, Adobe Flash Player: 8.0, Adobe Flash Player: 9.0.16, Adobe Flash Player: 9.0.18d60, Adobe Flash Player: 9.0.20.0, Adobe Flash Player: 9.0.28.0, Adobe Flash Player: 9.0.31.0, Apple Mac OS X: 10.5.2, Apple Mac OS X Server: 10.5.2, Adobe Flex: 3.0, Adobe AIR: 1.0, Adobe Flash Player: 8.0.24.0, Adobe Flash Player: 9.0.114.0, Adobe Flash Player: 9.0.20, Novell OpenSUSE: 10.2, Novell OpenSUSE: 10.3, Sun OpenSolaris: 2008.5 x86, Sun OpenSolaris: 2008.5 SPARC, Adobe Flash Player: 8.0.39.0
Unauthorized Access Attempt
Adobe Flash Player is vulnerable to a buffer overflow, caused by an integer overflow vulnerability in the processing of multimedia files containing a specific tag. By persuading a victim to open a malicious multimedia file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Refer to APSB08-11 for patch, upgrade or suggested workaround information.
Update Adobe Flash Player to 9.0.124.0. See References.
For Mac OS X:
Apply Security Update 2008-003, available from the Apple Web site. See References.
For other distributions:
Apply the appropriate update for your system. See References.
IBM Internet Security Systems Protection Advisory, April 8, 2008
Adobe Flash Player Invalid Pointer Vulnerability
http://www.iss.net/threats/289.html
APSB08-11
Flash Player update available to address security vulnerabilities
http://www.adobe.com/support/security/bulletins/apsb08-11.html
SANS - Internet Storm Center, 2008-05-27
Adobe flash player vuln
http://isc.sans.org/diary.html?storyid=4465
Adobe Product Security Incident Response Team (PSIRT) Blog, May 27, 2008 11:05 AM
Potential Flash Player issue
http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html
Dancho Danchev's Blog, Tuesday, May 27, 2008
Malware Attack Exploiting Flash Zero Day Vulnerability
http://ddanchev.blogspot.com/2008/05/malware-attack-exploiting-flash-zero.html
Apple Web site
About the security content of Security Update 2008-003 / Mac OS X 10.5.3
http://support.apple.com/kb/HT1897
Sun Alert ID: 238305
Multiple Security Vulnerabilities in Flash Player for Solaris
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238305-1
NORTEL BULLETIN ID: 2008008954, Rev 1
Nortel Response to Sun Alert 238305 - Multiple Security Vulnerabilities in Flash Player for Solaris 10
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=745016
ZDI-08-032
Adobe Flash DefineSceneAndFrameLabelData Parsing Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-032/
ISS X-Force
Adobe Flash Player invalid pointer integer overflow
http://www.iss.net/security_center/static/37277.php
CVE
CVE-2007-0071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071