
SANS Internet Storm Center (SANS ISC InfoSec Forums)

Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433)
MS06-020, CVE-2006-0024, CVE-2005-2628

Macromedia Flash Player Remote Code Execution
KB913433
http://support.microsoft.com/kb/913433

Adobe Security Bulletin ASPB06-03
http://www.adobe.com/devnet/security/security_zone/apsb06-03.html

Adobe Security Bulletin MPSB05-07
http://www.adobe.com/devnet/security/security_zone/mpsb05-07.html

CVE-2006-0024 and CVE-2005-2628

This bulletin addresses flaws in older versions of Adobe's Flash Player.
Both have been fixed for a while by Adobe. In case you haven't yet, this
is your last chance to update Flash Player.

MS06-020 patched this vulnerability as well. However, it only patched
Flash Player 7 (or 8). If a user initially had Flash Player 6 installed,
MS06-020 did not apply. Such a user may then have installed 7 or 8
later and ended up vulnerable as a result. See the KB article above for
details (http://support.microsoft.com/kb/913433).

The "safe" version is 8.0.24.0 (currently the most recent version).
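One way to act on the point above, as an added example that is not part of the diary: given a constructed host inventory, the check flags every host whose installed Flash Player is below 8.0.24.0 and deliberately ignores the recorded MS06-020 status, since the patch record does not prove the player itself is fixed. The inventory format and host names are assumptions.

```python
import re

FIXED_VERSION = (8, 0, 24, 0)  # "safe" build named in the bulletin

# Constructed inventory: (host, Flash Player version as reported, MS06-020 recorded?)
INVENTORY = [
    ("ws-01", "8.0.24.0", True),
    ("ws-02", "8.0.22.0", True),    # patch recorded, but Flash still below the fixed build
    ("ws-03", "WIN 7,0,19,0", False),
    ("ws-04", "6.0.79.0", False),   # Flash 6 host that MS06-020 never covered
    ("ws-05", "8.0.24.0", False),   # no MS06-020 record, but the player is current
    ("ws-06", "", False),           # no Flash Player installed: nothing to update
]


def parse_version(text):
    """Return the version as a 4-tuple of ints, or None when no version is present.

    Accepts dotted ('8.0.24.0') or comma-separated ('WIN 7,0,19,0') forms;
    missing trailing components count as zero, so '8.0' becomes (8, 0, 0, 0).
    """
    nums = re.findall(r"\d+", text)
    if not nums:
        return None
    parts = tuple(int(n) for n in nums[:4])
    return parts + (0,) * (4 - len(parts))


def is_vulnerable(version_text):
    """True when Flash Player is installed and older than the fixed build."""
    version = parse_version(version_text)
    return version is not None and version < FIXED_VERSION


def vulnerable_hosts(inventory):
    """Hosts that still need the update. The MS06-020 flag is ignored on purpose:
    a host may carry the patch record and still run a vulnerable Flash Player."""
    return [host for host, version, _ms06_020 in inventory if is_vulnerable(version)]


if __name__ == "__main__":
    for host, version, patched in INVENTORY:
        state = "VULNERABLE" if is_vulnerable(version) else "ok"
        print(f"{host:6} flash={version or '<none>':14} ms06-020={patched!s:5} {state}")
```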

The vulnerability is exploited by viewing a crafted Flash animation.
Such an animation could be delivered via a web page, an e-mail message
or other means (P2P, instant messenger). If exploited, arbitrary
commands could be executed with the privileges of the user viewing
the file.

This patch should be applied promptly on all desktops. You may be able to
wait a bit on servers, or you could simply uninstall Flash Player on
servers (if you never use them to browse).

(Thanks Johannes for the write-up!)
Lorna
