ID

VAR-201203-0234

CVE

CVE-2012-0773

TITLE

Adobe Flash Player and AIR of NetStream Vulnerability in arbitrary code execution in class

DESCRIPTION

The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player is prone to multiple memory-corruption vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2012:0434-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0434.html Issue date: 2012-03-29 CVE Names: CVE-2012-0773 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This vulnerability is detailed on the Adobe security page APSB12-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-10.3.183.18-1.el5.i386.rpm x86_64: flash-plugin-10.3.183.18-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-10.3.183.18-1.el5.i386.rpm x86_64: flash-plugin-10.3.183.18-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-10.3.183.18-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.18-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-10.3.183.18-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.18-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-10.3.183.18-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.18-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0773.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb12-07.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPdBSFXlSAg2UNWIIRArd2AKCBKTfNknPvG1mKHmpb2GgtgBY1zACgvFKG lvZRVvElunVrz8W954tuAHw= =Nvc6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass intended access restrictions, bypass cross-domain policy, inject arbitrary web script, or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.228" References ========== [ 1 ] CVE-2011-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2445 [ 2 ] CVE-2011-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2450 [ 3 ] CVE-2011-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2451 [ 4 ] CVE-2011-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2452 [ 5 ] CVE-2011-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2453 [ 6 ] CVE-2011-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2454 [ 7 ] CVE-2011-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2455 [ 8 ] CVE-2011-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2456 [ 9 ] CVE-2011-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2457 [ 10 ] CVE-2011-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2458 [ 11 ] CVE-2011-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2459 [ 12 ] CVE-2011-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2460 [ 13 ] CVE-2012-0752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0752 [ 14 ] CVE-2012-0753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0753 [ 15 ] CVE-2012-0754 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0754 [ 16 ] CVE-2012-0755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0755 [ 17 ] CVE-2012-0756 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0756 [ 18 ] CVE-2012-0767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0767 [ 19 ] CVE-2012-0768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0768 [ 20 ] CVE-2012-0769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0769 [ 21 ] CVE-2012-0773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0773 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201204-07.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based application runtime that delivers uncompromised viewing of expressive applications, content, and videos across screens and browsers. It is installed on 98% of computers. II. The vulnerability is caused by an invalid object being used when parsing a malformed video via "NetStream.appendBytes", which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP enabled. CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) III. Binary Analysis & Exploits/PoCs --------------------------------------- In-depth technical analysis of the vulnerability and a working exploit are available through the VUPEN Binary Analysis & Exploits portal: http://www.vupen.com/english/services/ba-index.php VUPEN Binary Analysis & Exploits Service provides private exploits and in-depth technical analysis of the most significant public vulnerabilities based on disassembly, reverse engineering, protocol analysis, and code audit. The service allows governments and major corporations to evaluate risks, and protect infrastructures and assets against new threats. The service also allows security vendors (IPS, IDS, AntiVirus) to supplement their internal research efforts and quickly develop both vulnerability-based and exploit-based signatures to proactively protect their customers from attacks and emerging threats. V. VI. CREDIT -------------- This vulnerability was discovered by Nicolas Joly of VUPEN Security VII. ABOUT VUPEN Security --------------------------- VUPEN is the leadering provider of advanced vulnerability research for defensive and offensive cyber security. VUPEN solutions enable corporations and governments to measure and manage risks, eliminate vulnerabilities before they can be exploited, and protect critical infrastructures and assets against known and unknown vulnerabilities. VUPEN has been recognized as "Company of the Year 2011 in the Vulnerability Research Market" by Frost & Sullivan. VUPEN solutions include: * VUPEN Binary Analysis & Exploits Service (BAE) : http://www.vupen.com/english/services/ba-index.php * VUPEN Threat Protection Program (TPP) : http://www.vupen.com/english/services/tpp-index.php VIII. DISCLOSURE TIMELINE ----------------------------- 2012-03-07 - Vulnerability Demonstrated at Pwn20wn 2012-04-18 - Public disclosure . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA48618 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48618/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48618 RELEASE DATE: 2012-03-29 DISCUSS ADVISORY: http://secunia.com/advisories/48618/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48618/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48618 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting and spoofing attacks and compromise a user's system. For more information: SA48623 2) An error within certain interaction handling may allow cross-site scripting attacks in EUC-JP. 3) An error in SVG text handling can be exploited to cause an out-of-bounds read. 4) An error in text fragment handling can be exploited to cause an out-of-bounds read. 5) An error exists within SPDY proxy certificate checking. 6) An off-by-one error exists in OpenType sanitizer. 7) A validation error exists within the handling of certain navigation requests from the renderer. 8) A use-after-free error exists in SVG clipping. 9) An unspecified error in Skia can be exploited to corrupt memory. 10) An error exists in v8. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2) Masato Kinugawa 3) Arthur Gerkis 4) miaubiz 5) Leonidas Kontothanassis, Google 6) Mateusz Jurczyk, Google Security Team 7) kuzzcc, Sergey Glazunov, PinkiePie, and scarybeasts, Google Chrome Security Team 8) Atte Kettunen, OUSPG 9) Omair 10) Christian Holler ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer error

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Microsoft Vulnerability Research and anonymous through TippingPoint's Zero Day Initiative

SOURCES

LAST UPDATE DATE

2024-08-14T12:30:13.373000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE