Numerous vulnerabilities have been identified in Adobe's popular Flash Player that allow attackers to gain control over a user's PC and use it as a launching pad to obtain sensitive data, inject arbitrary code, launch cross-site scripting attacks and mount privilege escalation attacks on servers hosting cross-domain policy files.
Adobe confirmed this week that the flaws can be cured by upgrading to version 18.104.22.168 of Flash Player, after Denmark-based vulnerability monitor Secunia detailed 10 “highly critical” vulnerabilities in all previous versions of the multimedia application. Adobe also categorized the upgrade as “critical,” and it has begun phasing out earlier versions of Flash Player.
Adobe posted on its website an advisory warning that all of the versions of Flash Player that preceded version 22.214.171.124 are susceptible to attacks transmitted through the most commonly used proprietary graphics files, known as SWF files, that generate multimedia presentations on the application.
If an unsuspecting user downloads a corrupted SWF using the previous versions of Flash Player, the malicious file may be used by attackers to introduce arbitrary code to the user's PC, to conduct DNS rebinding attacks, and to inject arbitrary HTML and script code in a user's browser.
Other security vulnerabilities identified in the previous versions of Flash Player enable attackers to modify HTTP headers and conduct HTTP splitting requests, and to mount DNS rebinding attacks to establish arbitrary TCP sessions (in which a corrupted Flash movie file will open TCP sockets to arbitrary hosts).
The fact that Adobe addressed the Flash Player vulnerabilities by releasing a new version, rather than offering fixes for previous versions, underscores the critical nature of the application's vulnerabilities, Qualys technical accounts manager Jonathan Bitle told SCMagazineUS.com.
Anyone with the capability to create an SWF file can mount an attack via [the previous versions of] Flash Player,” Bitle said, adding that attackers could download SWF files from reputable sources, maliciously re-program them, and then send them back out to users.
Although the popularity of the Flash Player application puts the exposure to attacks on a scale comparable to widespread phishing attacks that been proliferated via email, Bitle noted that unlike phishing emails – which can automatically generate attacks as soon as they are opened – users must actually download SWF files to be victimised by attacks disguised as Flash Player presentations.
Bitle said that the discovery of critical vulnerabilities in a popular application years after its introduction should serve as a wake-up call to developers regarding the need to increase their focus on potential security issues.
Everyone needs to take their game to the next level in terms of proper coding that focuses on security and potential vulnerabilities,” he said.
See original article on scmagazineus.com
Adobe upgrades Flash Player to close critical flaws
By Jack Rogers on Dec 20, 2007 9:46AM