The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Adobe Flash Player: several vulnerabilities

Synthesis of the vulnerability 

Several Adobe Flash Player vulnerabilities can be used by an attacker to execute code or to create a denial of service.
Vulnerable software: Flash Player, OpenSolaris, openSUSE, Solaris, RHEL, SLES.
Severity of this announce: 4/4.
Number of vulnerabilities in this bulletin: 32.
Creation date: 11/06/2010.
Références of this computer vulnerability: APSB10-14, BID-40586, BID-40759, BID-40779, BID-40780, BID-40781, BID-40782, BID-40783, BID-40784, BID-40785, BID-40786, BID-40787, BID-40788, BID-40789, BID-40790, BID-40791, BID-40792, BID-40793, BID-40794, BID-40795, BID-40796, BID-40797, BID-40798, BID-40799, BID-40800, BID-40801, BID-40802, BID-40803, BID-40805, BID-40806, BID-40807, BID-40808, BID-40809, CERTA-2010-AVI-261, CERTA-2010-AVI-548, CERTA-2010-AVI-557, CVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189, RHSA-2010:0464-01, RHSA-2010:0470-01, SUSE-SA:2010:024, SUSE-SA:2010:034, SUSE-SA:2010:037, SUSE-SR:2010:013, VIGILANCE-VUL-9703, VU#486225, ZDI-10-109, ZDI-10-110, ZDI-10-111, ZDI-10-114, ZDI-10-115.

Description of the vulnerability 

Several Adobe Flash Player vulnerabilities were announced.

A vulnerability in the management of AVM2 "newfunction" leads to code execution (VIGILANCE-VUL-9686). [severity:4/4; BID-40586, CVE-2010-1297, VU#486225]

An attacker can corrupt the memory, in order to execute code. [severity:4/4; BID-40809, CERTA-2010-AVI-557, CVE-2009-3793]

An attacker can corrupt the memory via the AVM2 getouterscope opcode or the newFrameState method, in order to execute code. [severity:4/4; BID-40779, CVE-2010-2160, ZDI-10-114, ZDI-10-115]

An attacker can generate an array index overflow, in order to execute code. [severity:4/4; BID-40781, CVE-2010-2161]

An attacker can use malicious MP4 (STSC, STSZ, STCO) data, to corrupt the memory, in order to execute code. [severity:4/4; BID-40801, CVE-2010-2162, ZDI-10-109]

An attacker can generate several vulnerabilities, in order to execute code. [severity:4/4; BID-40803, CVE-2010-2163]

An attacker can use a freed memory area, in order to execute code. [severity:4/4; BID-40780, CVE-2010-2164]

An attacker can corrupt the memory, in order to execute code. [severity:4/4; BID-40782, CVE-2010-2165]

An attacker can corrupt the memory, in order to execute code. [severity:4/4; BID-40783, CVE-2010-2166]

An attacker can use malicious GIF/JPEG data, to generate several heap overflows, in order to execute code. [severity:4/4; BID-40802, CVE-2010-2167]

An attacker can corrupt the memory, in order to execute code. [severity:4/4; BID-40807, CVE-2010-2169]

An attacker can generate an integer overflow, in order to execute code. [severity:4/4; BID-40789, CVE-2010-2170]

An attacker can use malicious JPEG data, to corrupt the memory, in order to execute code. [severity:4/4; BID-40784, CVE-2010-2171, ZDI-10-110]

On some Unix platforms, an attacker can generate a denial of service. [severity:2/4; BID-40795, CVE-2010-2172]

An attacker can use the newclass operator, to force the usage of an invalid pointer, in order to execute code. [severity:4/4; BID-40800, CVE-2010-2173]

An attacker can use the newfunction operator, to force the usage of an invalid pointer, in order to execute code. [severity:4/4; BID-40805, CVE-2010-2174]

An attacker can corrupt the memory, in order to execute code. [severity:4/4; BID-40785, CVE-2010-2175]

An attacker can corrupt the memory, in order to execute code. [severity:4/4; BID-40787, CVE-2010-2176]

An attacker can corrupt the memory, in order to execute code. [severity:4/4; BID-40788, CVE-2010-2177]

An attacker can corrupt the memory, in order to execute code. [severity:4/4; BID-40790, CVE-2010-2178]

An attacker can generate a Cross Site Scripting in Firefox and Chrome. [severity:2/4; BID-40808, CVE-2010-2179]

An attacker can corrupt the memory, in order to execute code. [severity:4/4; BID-40791, CVE-2010-2180]

An attacker can generate an integer overflow, in order to execute code. [severity:4/4; BID-40792, CVE-2010-2181]

An attacker can corrupt the memory, in order to execute code. [severity:4/4; BID-40794, CVE-2010-2182]

An attacker can generate an integer overflow, in order to execute code. [severity:4/4; BID-40793, CVE-2010-2183]

An attacker can corrupt the memory, in order to execute code. [severity:4/4; BID-40796, CVE-2010-2184]

An attacker can generate a buffer overflow, in order to execute code. [severity:4/4; BID-40806, CVE-2010-2185]

An attacker can generate a denial of service, and possibly execute code. [severity:2/4; BID-40786, CVE-2010-2186]

An attacker can corrupt the memory, in order to execute code. [severity:4/4; BID-40797, CVE-2010-2187]

An attacker can corrupt the memory via LocalConnection, in order to execute code. [severity:4/4; BID-40798, CVE-2010-2188, ZDI-10-111]

On a VMWare system, with VMWare Tools, an attacker can corrupt the memory, in order to execute code. [severity:3/4; BID-40799, CVE-2010-2189]

An attacker can generate a denial of service. [severity:2/4; CERTA-2010-AVI-261, CERTA-2010-AVI-548, CVE-2008-4546]
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This vulnerability impacts software or systems such as Flash Player, OpenSolaris, openSUSE, Solaris, RHEL, SLES.

Our Vigil@nce team determined that the severity of this security announce is critical.

The trust level is of type confirmed by the editor, with an origin of document.

This bulletin is about 32 vulnerabilities.

An attacker with a expert ability can exploit this computer vulnerability note.

Solutions for this threat 

Adobe Flash Player: version 10.1.53.64.
Version 10.1.53.64 is corrected:
  http://www.adobe.com/go/getflash

openSUSE: new acroread packages (02/09/2010).
New packages are available, as indicated in information sources.

RHEL 3E, 4E: new flash-plugin packages.
New packages are available:
Red Hat Enterprise Linux version 3 Extras:
  flash-plugin-9.0.277.0-1.el3.with.oss
Red Hat Enterprise Linux version 4 Extras:
  flash-plugin-9.0.277.0-1.el4

RHEL 5: new flash-plugin packages.
New packages are available:
  flash-plugin-10.1-2.el5

Solaris: patch for Adobe Flash Player.
A patch is available:
Solaris 10
  SPARC: 125332-12
  X86: 125333-12

SUSE: new flash-player packages (13/08/2010).
New packages are available:
openSUSE:
http://download.opensuse.org/update/11.*/rpm/i586/flash-player-10.1.82.76-0.1.1.i586.rpm
SUSE Linux Enterprise Desktop 10 SP3:
http://download.novell.com/patch/finder/?keywords=4f2b033e0413b46d025beb15797c544d
   
SUSE Linux Enterprise Desktop 11 SP1:
http://download.novell.com/patch/finder/?keywords=85ef4e12e2a5ef29d8861660c8ba0fec
SUSE Linux Enterprise Desktop 11:
http://download.novell.com/patch/finder/?keywords=acc35314c2f71240e3fdc5d3f7877332

SUSE: new flash-player packages (14/06/2010).
New packages are available:
openSUSE 11.2:
  http://download.opensuse.org/update/11.2/rpm/i586/flash-player-10.1.53.64-1.1.1.i586.rpm
openSUSE 11.1:
  http://download.opensuse.org/update/11.1/rpm/i586/flash-player-10.1.53.64-1.1.1.i586.rpm
openSUSE 11.0:
  http://download.opensuse.org/update/11.0/rpm/i586/flash-player-10.1.53.64-1.1.i586.rpm
SUSE Linux Enterprise Desktop 10 SP3
  http://download.novell.com/patch/finder/?keywords=95c1970351eaad8ec7445af7b6974ebe
SUSE Linux Enterprise Desktop 11 SP1
  http://download.novell.com/patch/finder/?keywords=9fed1ac7d6ac263f8b42cb8e24927e67
SUSE Linux Enterprise Desktop 11
  http://download.novell.com/patch/finder/?keywords=dc5e2e29ebe98d9444b78ef5643bf4f1

SUSE: new packages (14/06/2010).
New packages are available, as indicated in information sources.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a computer security watch. The technology watch team tracks security threats targeting the computer system.