Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23047
HistoryJan 17, 2010 - 12:00 a.m.

Secunia Research: Microsoft Windows Flash Player Movie Unloading Vulnerability

2010-01-1700:00:00
vulners.com
22
JSON

======================================================================

                 Secunia Research 12/01/2010
  • Microsoft Windows Flash Player Movie Unloading Vulnerability -

======================================================================
Table of Contents

Affected Software…1
Severity…2
Description of Vulnerability…3
Solution…4
Time Table…5
Credits…6
References…7
About Secunia…8
Verification…9

======================================================================
1) Affected Software

  • Windows XP SP2 (bundled Flash Player 6.0.79).

NOTE: Other versions may also be affected.

======================================================================
2) Severity

Rating: Highly critical
Impact: System compromise
Where: Remote

======================================================================
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in Flash Player
distributed with certain versions of Windows XP, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused by a use-after-free error in the bundled
version of Flash Player when unloading Flash objects while these are
still being accessed using script code. This can be exploited to
corrupt memory via a specially crafted web page.

Successful exploitation allows execution of arbitrary code.

======================================================================
4) Solution

Install the latest version of Adobe Flash Player.

======================================================================
5) Time Table

18/10/2007 - Vendor notified.
18/10/2007 - Vendor response.
01/11/2007 - Microsoft states that the vulnerability is fixed by the
patches released in MS06-069.
02/11/2007 - Vendor informed that MS06-069 does not fix the
vulnerability, which was tested against a fully patched
system.
23/11/2007 - Vendor contacted (status update requested).
23/01/2008 - Vendor contacted (status update requested again).
05/02/2008 - Vendor informed that due to no response to status
requests an advisory will be published in two weeks).
05/02/2008 - Vendor response (vulnerability successfully reproduced
and asks for coordinated disclosure).
07/02/2008 - Vendor informed that disclosure will be coordinated.
18/03/2008 - Vendor provides status update.
02/05/2008 - Vendor provides status update (waiting for Adobe).
15/08/2008 - Status update requested.
19/08/2008 - Vendor provides status update (coordinating with Adobe).
15/06/2009 - Status update requested.
22/06/2009 - Vendor response (working on a solution).
20/11/2009 - Status update requested. Vendor also informed that
disclosure of the advisory won't be postponed for much
longer.
30/11/2009 - Status update requested again.
30/11/2009 - Vendor response (coordinating with Adobe on recommending
users to install the latest version of Adobe Flash Player
instead).
07/12/2009 - Vendor informed that Secunia has scheduled the advisory
for disclosure on 12th January 2010.
15/12/2009 - Vendor response (more time requested along with draft of
Secunia advisory).
21/12/2009 - Draft of Secunia Research advisory sent to the vendor.
Vendor also informed that disclosure won't be postponed.
07/01/2010 - Vendor informs that an advisory will be released on 12th
January 2010 at the same time as the Secunia advisory is
published.
12/01/2010 - Public disclosure.

======================================================================
6) Credits

Discovered by Carsten Eiram and Dyon Balding, Secunia Research.

======================================================================
7) References

The Common Vulnerabilities and Exposures (CVE) project has not
currently assigned a CVE identifier for the vulnerability.

======================================================================
8) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2007-77/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

JSON