|
Flash Player Unspecified Vulnerability and "addRequestHeader()" Bypass
|
|
Secunia Advisory:
|
SA20971
|
|
|
Release Date:
|
2006-07-10
|
|
Last Update:
|
2008-05-15
|
|
Popularity:
|
16,304 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
Cross Site Scripting
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Macromedia Flash 8.x
Macromedia Flash MX 2004
Macromedia Flash MX Professional 2004
Macromedia Flash Player 7.x
Macromedia Flash Player 8.x
Macromedia Flex 1.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2006-3587
CVE-2006-3588
|
|
Description:
Two vulnerabilities have been reported in Flash Player, which can be exploited by malicious people to bypass certain security restrictions and potentially compromise a user's system.
1) Certain unspecified memory access errors within the handling of SWF files can be exploited via a specially crafted SWF file.
Successful exploitation may allow execution of arbitrary code.
The vulnerability has been reported in version 8.0.24. Prior versions may also be affected.
2) A design error exists in the implementation of the "addRequestHeader()" method. This can be exploited to overwrite arbitrary HTTP headers in an outgoing HTTP request to an arbitrary web site via the "LoadVars" class and the "send()" method.
Successful exploitation allows e.g. a malicious web site to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site by overwriting the "Host" header, but requires that the site has the same IP as the malicious web site but another virtual host.
The vulnerability has been confirmed in version 8.0.22.0. Other versions may also be affected.
Solution:
Upgrade to version 9.0.16.0 or another fixed version (see the vendor advisory for details).
Provided and/or discovered by:
1) Haifei Li, Fortinet Security Research.
2) Amit Klein, AKsecurity.
Changelog:
2006-07-13: Added link to US-CERT vulnerability note.
2006-07-17: Added CVE reference.
2006-07-18: Added CVE reference.
2006-08-17: Added vulnerability provided by Amit Klein. Updated "Description" section.
2006-09-13: Added additional information from the vendor.
2008-05-15: Updated Fortinet link.
Original Advisory:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb06-11.html
Fortinet:
http://www.fortiguardcenter.com/advisory/FGA-2006-20.html
Other References:
US-CERT VU#474593:
http://www.kb.cert.org/vuls/id/474593
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
