Macromedia Flash Player Flash.ocx Unspecified Function Arbitrary Code Execution

2005-11-04T21:29:09
ID OSVDB:18825
Type osvdb
Reporter Fang Xing (advisories@eeye.com), Bernhard Mueller (research@sec-consult.com)
Modified 2005-11-04T21:29:09

Description

Vulnerability Description

Flash.ocx, part of Macromedia Flash Player, fails to perform proper validation of the frame type identifier from SWF files. The frame type identifier is used as an index into an array of function pointers. With a specially crafted SWF file, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.
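
The bug class described above (a file-supplied type identifier used as an index into a function pointer table) and the check that prevents it, as an added example that is not code from Flash Player or from the advisory. The record layout, handler names and error codes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed record layout (assumption): [type:1][len:1][payload:len] */
enum { REC_OK = 0, REC_BAD_TYPE = -1, REC_TRUNCATED = -2 };

typedef int (*rec_handler)(const uint8_t *payload, size_t len);

static int handle_end(const uint8_t *p, size_t n)   { (void)p; (void)n; return 0; }
static int handle_shape(const uint8_t *p, size_t n) { (void)p; return (int)n; }

/* Hypothetical handler table; slot 1 is intentionally unassigned. */
static const rec_handler handlers[] = { handle_end, NULL, handle_shape };
#define HANDLER_COUNT (sizeof handlers / sizeof handlers[0])

/* Dispatch one record at buf[*off]; advances *off only on success. */
int dispatch_record(const uint8_t *buf, size_t buflen, size_t *off, int *result)
{
    if (*off > buflen || buflen - *off < 2)
        return REC_TRUNCATED;              /* no room for the 2-byte header */
    uint8_t type = buf[*off];
    size_t len = buf[*off + 1];
    if (buflen - *off - 2 < len)
        return REC_TRUNCATED;              /* payload runs past the buffer */
    /* The check this bug class lacks: without it, handlers[type] loads a
       "function pointer" from whatever memory lies past the table. */
    if (type >= HANDLER_COUNT || handlers[type] == NULL)
        return REC_BAD_TYPE;
    *result = handlers[type](buf + *off + 2, len);
    *off += 2 + len;
    return REC_OK;
}

/* Walk a whole buffer; returns the number of records handled,
   or the first negative error code. */
int dispatch_all(const uint8_t *buf, size_t buflen)
{
    size_t off = 0;
    int n = 0, r = 0, rc;
    while (off < buflen) {
        if ((rc = dispatch_record(buf, buflen, &off, &r)) != REC_OK)
            return rc;
        n++;
    }
    return n;
}
```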

Solution Description

Upgrade to Flash Player 8 (8.0.22.0) or Flash Player 7 update 7.0.60.0 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.macromedia.com/
Vendor URL: http://freshmeat.net/projects/flashplugin/
Vendor Specific Advisory URL
Security Tracker: 1015156
Secunia Advisory ID: 17430
Secunia Advisory ID: 17481
Secunia Advisory ID: 17437
Secunia Advisory ID: 17738
Secunia Advisory ID: 17626
Secunia Advisory ID: 20045
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200511-21.xml
Other Advisory URL: http://www.eeye.com/html/research/upcoming/20050627b.html
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Nov/0007.html
Microsoft Knowledge Base Article: 913433
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0130.html
Keyword: EEYEB-20050627b, MPSB05-07
ISS X-Force ID: 22959
Generic Informational URL: http://www.techworld.com/security/news/index.cfm?NewsID=4740
CVE-2005-2628