vulnerability announce CVE-2012-0779

Adobe Flash Player: memory corruption via an object

Synthesis of the vulnerability

An attacker can invite the victim to display a web page with Adobe Flash Player, in order to corrupt the memory, which stops the web browser, or leads to code execution.
Impacted products: Flash Player, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Creation date: 07/05/2012.
Revision date: 25/06/2012.
Identifiers: APSB12-09, BID-53395, CERTA-2012-AVI-252-001, CVE-2012-0779, openSUSE-SU-2012:0594-1, RHSA-2012:0688-01, SUSE-SU-2012:0592-1, SUSE-SU-2012:0592-2, VIGILANCE-VUL-11587.

Description of the vulnerability

The AMF (Action Message Format) format is used to serialize ActionScript objects used by Flash Player. The AMF0 format can store numbers, booleans, strings, etc.

The RTMP (Real Time Messaging Protocol) protocol is used between Adobe Flash Player and a server. This protocol can use AMF0 messages.

However, when the Flash client connects to the RTMP server, if the server returns a malformed AMF0 message of type "_error", then Flash uses an invalid memory address computed from the AMF0 message.

An attacker can therefore invite the victim to display a web page with Adobe Flash Player, in order to corrupt the memory, which stops the web browser, or leads to code execution.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

          

Computer vulnerabilities tracking service

Vigil@nce provides a computer vulnerability bulletin. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities.